Month: October 2018

On October 12, the U.S. Department of Justice’s Assistant Attorney General Brian Benczkowski delivered remarks that addressed two significant aspects of corporate compliance: improving the compliance expertise of Criminal Division prosecutors; and the Department’s approach to corporate monitors.  Because each topic deserves separate review and analysis, this post will address the first issue of prosecutorial corporate-compliance expertise.

Benczkowski first noted that compliance “is an important factor we take into consideration in every corporate enforcement matter we review.”  Because prosecutors assess a company’s compliance program’s operation both at the time of the alleged misconduct and at the time of resolution to reach a fair and appropriate resolution, he stated, “our prosecutors and supervisors must have a strong foundational understanding of what constitutes an effective approach to compliance.”

Benczkowski then addressed the Criminal Division’s hiring of Hui Chen in the Fraud Section as a compliance consultant with broad expertise in compliance matters.  He acknowledged that this approach “had its benefits,” but cited two types of “inherent limitations in having the locus of our compliance expertise consolidated in a single person in a single litigating section”:

• Limitations of Single Professional’s Expertise: “Even when fully briefed on a matter, a single compliance professional who has not been involved in a case throughout an investigation is not likely to have the same depth of factual knowledge as the attorneys who make up the case team. Nor can any one person be a true compliance expert in every industry we encounter.  An effective, state of the art compliance program in the banking industry, for example, is going to look very different from one in the health care, energy, or casino industries.”
• Limitations of Criminal Division’s Reliance on Single Professional: “Relying on a single person as the repository of all of our compliance expertise also is shortsighted from a management perspective. Anyone who holds such a job will inevitably and quickly feel a strong pull to the private sector.  Their expertise is simply too valuable in this day and age.  If and when that person departed, we would have to start from scratch and find a replacement.  And that process undoubtedly would repeat itself every few years, with little long-term benefit to the Criminal Division.  That is the position we find ourselves in right now.”

Benczkowski added that Chen “spent considerable time training our attorneys and developing in-house knowledge and expertise among attorneys in the Division,” noting that “[t]hat work was very beneficial.”

Benczkowski then announced his plans for increasing compliance capacity and knowledge across the relevant Sections of the Criminal Division, beginning with the Fraud Section and the Money Laundering and Asset Recovery Section, “where the bulk of our corporate enforcement activity takes place.”  He stated that these plans had two elements:  diverse hiring and the development of targeted training programs.”

• Diverse Hiring: Benczkowski said that Criminal Division” will focus on building a team of attorneys who offer diverse skillsets. That means not just attorneys with experience as prosecutors and in the courtroom, but also those who bring compliance experience to the table.”  For corporate-enforcement cases, he indicated that the approach would be to team “a trial attorney with experience litigating corporate cases . . . with an attorney who has experience developing and testing corporate compliance programs,” in order to leverage prosecutorial talent, “which should lead to better and more just outcomes.”  Rather than “outsourc[ing] a separate review of the compliance program when considering the merits of a corporate matter,” Benczkowski maintained that the same attorneys on a case team should be considering all of the factors in the Department’s Principles of Federal Prosecution of Business Organizations (informally known as the “Filip Factors”), “as part of a single, comprehensive review and determination of the right outcome.”
• Training: Benczkowski first summarized the longstanding approaches to training that the Department has provided to attorneys on how to investigate and try cases. Those included trial-advocacy courses at the Department-operated National Advocacy Center (NAC), detailing of Criminal Division attorneys to U.S. Attorney’s Offices across the country, and “a broad array of both voluntary and mandatory training to all of our attorneys across the Department.”  Benczkowski then stated his expectation

that the Division will develop a training program that addresses compliance programs generally, as well as issues specific to each section and unit.  As a result, more of our health care fraud attorneys who work on corporate cases will become experts in health care industry compliance; attorneys working on securities and commodities cases will become experts in compliance relating to securities laws and trading.  We will take this same approach for attorneys who work on FCPA cases, or MLARS attorneys who do cases involving the banking industry.  Ultimately, our goals are to ensure a balance of experience across the Division and to enhance the expertise of our trial attorney workforce.

Benczkowski explained that “[w]e want to ensure that we build and maintain the capacity we need not just for today or next year, but for ten years down the road.  And it will lessen the impact when people inevitably leave the Department to retire or follow other career paths.”

Note:  The Assistant Attorney General’s general approach to increasing compliance expertise via more diverse hiring and increased training is commendable.  It is no reflection on Hui Chen – who brought an unparalleled depth and breadth of compliance expertise to the Division’s Fraud Section, and materially increased the sophistication of the Section’s evaluation of corporate-compliance programs – to say that the Criminal Division (and by extension the Department overall) would benefit from having broader and more sustainable expertise in every Section that handles corporate criminal investigations and cases.

With regard to the Criminal Division’s hiring and use of more attorneys with compliance expertise, a few observations are in order.  Benczkowski’s remarks, as noted above, seem to indicate that his corporate case-staffing approach envisions two distinct categories of attorneys: a trial attorney with experience in litigating corporate cases, and an attorney with experience developing and testing corporate compliance programs.  In practice, that demarcation may be inadvisable over the long term.  As litigating sections in the Department, Criminal Division Sections need to maintain long-term flexibility in their ability to assign investigations and cases to their trial attorneys.  An attorney hired into a Section based on his or her in-house compliance expertise may be of immense value in certain cases where the attorney’s expertise matches with the type of company under investigation, but of lesser value in other cases if he or she does not have at least some litigating experience.  In fact, a number of corporate-compliance officers and managers have been prosecutors before moving into in-house roles, so the Division may not find it necessary to choose between hiring separate categories of trial attorneys and compliance attorneys.

The greater challenge in recruiting such attorneys, however, may be simple economics.  An experienced Assistant U.S. Attorney or Criminal Division prosecutor who takes an in-house compliance position is likely to improve his or her income significantly (taking into account salary, bonuses, and other compensation) over a federal-government salary.  The longer that those attorneys spend in compliance roles, meaning the greater the expertise they are amassing, the disparity between government and private-sector salaries can only increase.  Although the Department has often been fortunate in attracting attorneys who are willing to leave more lucrative private-sector positions for the opportunity to engage in public service, the question for the Criminal Division will be whether it can find enough of such people with both litigating and compliance experience to meet its needs in the next one to three years.

As for increased training, Benczkowski described the proposed training program in very general terms.  Certainly the NAC, which for many years has offered a wide variety of white-collar crime seminars taught by experienced prosecutors, can play a role in bringing more compliance-related training to Criminal Division chiefs and trial attorneys.  But the Division would benefit from adopting a broader conception of compliance training – one that includes three approaches that in-house compliance functions themselves use.

First, when I headed the global anti-bribery and corruption program for a global financial institution, I not only hired compliance professionals who already had relevant expertise, but encouraged them to maintain their current professional certifications and to pursue additional certifications in anti-corruption, fraud, and money laundering as appropriate.  Training courses offered by reputable certifying organizations enable compliance professionals to hear from a variety of experts in their field, and can enhance the certified professionals’ knowledge and professional credibility.

Second, I also sought funding from my superiors to enable my compliance team to attend external compliance conferences on a regular basis.  In-house corporate-compliance managers and specialists routinely benefit from hearing from their peers in their industry or other industries – to obtain informed perspectives on significant compliance trends and developments, to benchmark their compliance programs with other companies in their industry, and to learn methodologies and processes that could enhance their programs.  Criminal Division attorneys can derive similar benefits.

Third, the Division needs to consider developing its own more advanced training on specific compliance issues, as I and my peers in other firms did for our in-house compliance teams.  While the NAC always seeks to maintain a high standard in its training seminars, its training calendar in any given year fills quickly.  That can make it difficult for the Division to use the NAC as the venue for compliance training without substantial lead time.  Although the Department can hardly look to law firms that appear before it on corporate-compliance matters to provide such training, there are other sources of expertise in the private sector and academia on which the Division might draw.  In any event, the Division should be open to adopting whatever training approaches enhance the compliance knowledge and expertise of its prosecutors.

Afterword: A passing comment by Benczkowski during his remarks deserves separate mention.  In discussing the need to improve prosecutorial compliance expertise, he stated his belief that “our prosecutors should consider the adequacy of a compliance program at the same time they are considering, for example, a company’s remedial actions or the timeliness of any voluntary self-disclosure.”  Other commentators –such as Professor Andy Spalding of the University of Richmond Law School – have urged that the Department consider pre-existing compliance as part of its consideration of potential corporate liability, along with the standard factors such as timely and voluntary self-disclosure, full cooperation, and remediation.  It is not clear whether Benczkowski’s comment is more a personal observation or a telltale of future Department policy changes, but corporate-compliance professionals should closely watch future speeches by Benczkowski and other Department officials for indications of further changes in the Department’s corporate-enforcement policies.

In the first three quarters of 2018, there has been an unusual spate of enforcement actions by prosecutors and regulators against top-tier financial institutions for significant failures in their design and implementation of anti-money laundering (AML) compliance programs:

• February – Rabobank: Rabobank N.A., a subsidiary of Rabobank, pleaded guilty in U.S. federal court to felony conspiracy to impair, impede, and obstructing its primary regulator, the U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC), by concealing deficiencies in its anti-money laundering (AML) program and for obstructing the OCC’s examination of Rabobank, and agreed to forfeit $368,701,259.
• February – U.S. Bancorp: The Department of Justice reached a deferred prosecution agreement (DPA) with U.S. Bancorp, resolving criminal charges under the Bank Secrecv Act (BSA), that required U.S. Bancorp to forfeit $453 million and pay a $75 million civil penalty assessed by the Office of the Comptroller of the Currency (OCC). In addition, the Financial Crimes Enforcement Network (FinCEN) reached a separate agreement with U.S. Bancorp requiring the bank to pay $70 million for civil BSA violations.
• June – Commonwealth Bank of Australia (CBA): AUSTRAC and CBA reached agreement on a AU$700 million penalty “to resolve Federal Court proceedings relating to serious breaches of anti-money laundering and counter-terrorism financing (AML/CTF) laws.” AUSTRAC later stated that this penalty was “the largest civil penalty in Australia’s corporate history and reflects the magnitude of the serious non-compliance by CBA.”
• July – UBS U.S. Branches: The OCC reported that it had entered cease-and-desist orders against three U.S. branches of UBS and had found that the branches failed (1) to adopt and implement a compliance program that adequately covered the required Bank Secrecy Act/Anti-Money Laundering (BSA/AML) program elements and (2) to timely file Suspicious Activity Reports (“SARs”) related to suspicious customer activity. The OCC also stated that the deficiencies in the branches’ BSA/AML compliance program resulted in various violations of OCC regulations, but did not impose any financial penalties for those violations.
• September – ING: The Dutch Public Prosecution Service announced that it had reached a settlement agreement with ING Bank N.V. requiring ING to pay approximately US$900 million to resolve an investigation focused on violation, “for many years and on a structural basis,” of the Dutch Anti-Money Laundering and Counter Terrorism Financing Act by ING’s business unit ING Bank Netherlands.
• September – Credit Suisse: FINMA concluded two enforcement procedures against Credit Suisse AG. One was for deficiencies in Credit Suisse’s adherence to AML due diligence obligations in relation to suspected corruption involving the International Federation of Association Football (FIFA), the Brazilian oil company Petrobras, and the Venezuelan oil company Petróleos de Venezuela, S.A. (PDVSA).  The other was for deficiencies in the bank’s AML process, as well as shortcomings in the bank’s control mechanisms and risk management, with regard to a significant business relationship with a politically exposed person (PEP).
• September – Danske Bank: Danske Bank acknowledged, based on internal investigations, that approximately $234 billion in potentially suspicious transactions had flowed through its Estonian branch for nearly a decade. Criminal investigations by several countries into the Estonian branch’s activity are now underway.
• September – Deutsche Bank: The Bundesanstalt für Finanzdienstleistungsaufsicht (“BaFin,” the German Federal Financial Supervisory Authority) ordered that Deutsche Bank AG “take appropriate internal safeguards and comply with general due diligence obligations” in order to prevent money laundering and terrorist financing, and appointed a monitor “to report on and assess the progress of the implementation.” BaFin did not specify what shortcomings warranted its order, but reportedly stated that “this was the first time it had made such an appointment at a bank related to money laundering.”

It may be tempting for some to dismiss these actions simply as examples of aggressive behavior by prosecutors and regulators.  AML compliance officers and internal auditors, however, should examine these cases more closely to see what specific failures or deficiencies were identified, at least as a point of comparison with their own compliance programs.

To that end, this post provides a checklist of some of the principal corporate AML failures that were specifically identified in those cases:

• Failure of Systems Design
  • Design of Systems for Monitoring Transactions:
    • In Credit Suisse’s case, FINMA stated that the bank had not established an automated comprehensive overview of client relationships, which would allow every relevant department within the bank “to see all the client’s relationships with the bank instantly and automatically.”
    • In Danske Bank’s case, the internal investigation report stated that the Estonian branch had its own information technology platform, which meant “that the branch was not covered by the same customer systems and transaction and risk monitoring as Danske Bank Group” and that Danske Bank Group “did not have the same insight into the branch as other parts of [the] Group.”
  • Design of Systems to Receive Currency Deposits:
    • In CBA’s case, the bank failed to carry out an appropriate assessment of the money laundering and terrorism financing (ML/TF) risks of its smart Automated Teller Machines, labeled “Intelligent Deposit Machines” (IDMs). AUSTRAC alleged that CBA did not limit the number of transactions a customer could make per day, and that its IDMs allowed up to 200 notes per transaction. That meant that a customer could deposit a stack of 200 AU$100 notes at one time, resulting in a deposit twice a large as the AU$10,000 reporting threshold for transfers of physical currency.  In addition, CBA’s IDMs reportedly allowed anonymous cash deposits, making them more attractive to criminals.  One new report speculated that “whoever installed the machines back in 2012 simply didn’t realise transactions above $10,000 had to be reported, and never wrote the code.”
  • Failure of Organizational Design:
    • In ING’s case, the Public Prosecution Service stated that
      • “one of the main reasons for the shortcomings was the insufficient attention paid by ING NL to compliance risk management (business over compliance). The responsibility for compliance with the AML/CTF Act rests with three different divisions of the bank. None of these divisions oversaw the whole picture. This in part explains why senior management was not fully aware of the seriousness of the shortcomings, and their persistence.”
    • In Danske Bank’s case, the back acknowledged that “in general, the Estonian branch had insufficient focus on the risk of money laundering, and branch management was more concerned with procedures than with identifying actual risk,” and that “the Estonian control functions did not have a satisfactory degree of independence from the Estonian organization.”
  • Noncompliance with Corporate AML Program Requirements:
    • In CBA’s case, for a period of three years, the bank did not comply with the requirements of its own AML program relating to monitoring transactions on 778,370 accounts.
    • In Credit Suisse’s case, FINMA found that a client relationship manager –
      • “who was very successful in terms of assets under management – breached the bank’s compliance regulations repeatedly and on record over a number of years. However, instead of disciplining the client manager promptly and proportionately, the bank rewarded him with high payments and positive employee assessments. The supervision of the relationship manager was inadequate due to this special status.”
  • Failure to Implement Controls:
    • In CBA’s case, the bank failed to complete the introduction of appropriate controls to mitigate and manage the money laundering and terrorist financing (ML/TF) risks of its IDMs.
    • In UBS’s case, the Consent Order cited the branches’ inadequate system of internal controls as one of the “critical deficiencies” in the elements of the branches’ BSA/AML compliance program.
  • Failure to Meet Due Diligence Obligations:
    • In Credit Suisse’s case, FINMA determined that “repeatedly over a number of years,” Credit Suisse had failed to comply with its due diligence obligations relating to FIFA, Petrobras, and PDVSA in five respects: (1) Identifying the client; (2) Determining the beneficial owner; (3) Categorizing a business relationship as posing an increased risk; (4) Performing the necessary clarifications upon increased risk plus associated plausibility checks; and (5) documentation. It also determined that with respect to a significant business relationship with a client who was a PEP, Credit Suisse “failed to meet its heightened due diligence obligations regarding investigation, plausibility checks and documentation regarding the client and certain related high-risk transactions.”
    • In ING’s case, the Public Prosecution Service stated that “[t]he absence or insufficient conducting of client due diligence led to ING NL’s acceptance of clients without sufficiently investigating the risks associated with those clients. Clients were also classified in the wrong client segments.” That statement cited multiple specific examples of due diligence failures, including a women’s underwear trader that was able to launder approximately €150,000,000 through its bank accounts with ING NL.
    • In Danske Bank’s case, the internal investigations report stated that failures of the bank’s due diligence included lack of knowledge of customers, lack of identification of ultimate beneficial owners and “controlling interests,” inclusion of “so-called intermediaries,” “which were unregulated and represented unknown end-customers,” as customers.
    • In UBS’s case, the Consent Order stated that the branches had systemic deficiencies in their customer due diligence, enhanced due diligence, and customer risk rating processes, and failed to establish and apply an adequate due diligence program for foreign financial institutions.
  • Failure to Maintain Adequate Staff:
    • In ING’s case, the Dutch Public Prosecution Service stated that “[t]he compliance department was understaffed and inadequately trained. Partly due to the limited personnel capacity, the system for monitoring transactions was set up by the bank in such a way that only a limited number of money laundering signals were generated.”
    • Similarly, as noted below, in U.S. Bancorp’s case, the bank capped the number of automated alerts its system generated, based on staffing levels and resources.
  • Failure to Monitor Customers:
    • In Danske Bank’s case, the internal investigations report stated that the AML monitoring failings included insufficient attention to customer activities, lack of identification of the source and origin of funds used in transactions, absence of screening of customers against PEP lists, absence of screening of incoming payments against sanctions or terror lists, and in general, absence of automatic screening of incoming payments. In addition, Danske Bank’s Internal Audit team noted in 2014 that “’ongoing monitoring’ was performed manually by account managers, who were responsible for so many customers that it was ‘in fact impossible to perform the monitoring in an effective and efficient way’.”
    • In CBA’s case, the bank, even after it became aware of suspected money laundering or structuring on CBA accounts, “did not monitor its customers to mitigate and manage ML/TF risk, including the ongoing ML/TF risks of doing business with those customers.”
    • In UBS’s case, the Consent Order stated that the branches “had systemic deficiencies in their transaction monitoring systems, which resulted in monitoring gaps. These systemic deficiencies resulted in alert and investigation backlogs, and led to a failure to file SARs in a timely manner.”
    • In Credit Suisse’s case, FINMA found that Credit Suisse “had failed to adequately record, contain and monitor the risks arising over a number of years from the PEP business relationship and the responsible (and since criminally convicted) client relationship manager.”
    • In Rabobank’s case, Rabobank “knew that millions of dollars in cash deposits at [its Southwest border] branches were likely tied to illicit conduct,” yet continued its practice of soliciting cash-intensive customers from Mexico and elsewhere for an extended period.
  • Conducting Transactions Not Subject to Monitoring:
    • In U.S. Bancorp’s case, the bank processed Western Union transactions involving non-customers, “even though they would not be subject to the Bank’s transaction monitoring systems. Even when Bank employees flagged specific non-customer transactions raising AML-related concerns, the transactions went uninvestigated.”
  • Manipulation of Monitoring Software:
    • In U.S. Bancorp’s case, FinCEN stated that the bank “capped the number of alerts its automated transaction monitoring system would generate to identify only a predetermined number of transactions for further investigation, without regard for the legitimate alerts that would be lost due to the cap.” The U.S. Attorney who handled the DPA stated that the bank “bas[ed] the number of such alerts on staffing levels and resources, rather than setting thresholds for such alerts that corresponded to a transaction’s level of risk.”
    • Similarly, in ING’s case, the Public Prosecution Service stated that “[p]artly due to the limited personnel capacity, the system for monitoring transactions was set up by the bank in such a way that only a limited number of money laundering signals were generated. Only the proverbial tip of the iceberg was investigated.”
  • Compromise of Alert Processes:
    • In Rabobank’s case, the bank “received regular alerts of transactions by ‘High-Risk’ customers, or through accounts deemed to be ‘High-Risk,’ and that had been the subject of prior SARs filed by Rabobank,” but “created and implemented policies and procedures to prevent adequate investigations into these suspicious transactions, customers, and accounts.” In particular, the bank created a “Verified List” of certain customers, and ”instructed its employees that if a customer was on the ‘Verified List,’ no further review of that customer’s transactions was necessary — even if the transactions generated an internal alert, or the customer’s activity had changed dramatically from when it was ‘verified’.”  The bank also instructed its BSA/AML staff “to aggressively increase the number of bank accounts on the Verified List.”
  • Failure to Timely Report High Volumes of Suspicious Transactions:
    • In CBA’s case, the bank failed to provide 53,506 threshold transaction reports, having a total value of about AU$625 million, to AUSTRAC on time for nearly three years. It also “failed to report suspicious matters on time, or at all, involving transactions in the tens of millions of dollars.”
    • In U.S. Bancorp’s case, the bank willfully failed to timely report suspicious banking activities of a longtime customer, despite being on notice that he had been using the bank to launder proceeds from an illegal and fraudulent payday lending scheme. As part of that failure, the Justice Department stated that the bank “disregarded numerous red flags” concerning the suspicious nature of the customer’s activity.
    • In Danske Bank’s case, the internal investigations report noted that the bank’s AML failings included lack of response to suspicious customers and transactions.
  • Failure to Terminate Customer Accounts:
    • In ING’s case, the Public Prosecution Service determined that “[c]lient relationships and bank accounts were . . . , when necessary, not terminated by the bank in a timely manner.”
    • In U.S. Bancorp’s case, after receiving information that the customer had been using sham bank accounts under the names of companies nominally owned by various Native American tribes to launder proceeds of his fraud scheme, the bank “closed the accounts in the names of the tribal companies but failed to file a SAR . . . and left open [the customer’s] ’s non-tribal accounts and opened new ones,” which allowed additional proceeds of more than $176 million from his illegal payday business to flow into the bank.
  • Termination of Employees Identifying Potential Misconduct:
    • In Rabobank’s case, the Justice Department stated that “[t]o further conceal the inadequate nature of its BSA/AML program and to avoid ‘others contradicting our findings’ and statements to the OCC, Rabobank demoted or terminated two RNA employees who were raising questions about the adequacy of Rabobank’s BSA/AML program.”
  • Prior Warnings by Regulators:
    • In ING’s case, the Public Prosecution Service noted that the Dutch Central Bank had warned ING NL on multiple occasions. In U.S. Bancorp’s case, an OCC examiner assigned to the Bank had repeatedly warned bank officials “of the impropriety of managing the Bank’s monitoring programs based on the size of its staff and other resources.”
    • In Danske Bank’s case, the bank had been the subject of regulatory sanctions with respect to its Estonian branch from both the Estonian FSA and the Danish FSA in 2015 and 2016, respectively.
  • Concealment of Conduct from Regulators:
    • In U.S. Bancorp’s case, bank officials (including the Chief Compliance Officer). “[k]nowing that the OCC would find [the Bank’s] resource-driven alert limits to be improper, . . . deliberately concealed these practices from the OCC.”
  • Obstruction of Regulators:
    • In Rabobank’s case, when the OCC began conducting its periodic examination of Rabobank in 2012, the Justice Department stated that Rabobank agreed to knowingly obstruct the OCC’s examination. Rabobank responded to the OCC’s February 2013 initial report of examination with false and misleading information about the state of Rabobank’s BSA/AML program.  Rabobank also made false and misleading statements to the OCC regarding the existence of reports developed by a third-party consultant, which detailed the deficiencies and resulting ineffectiveness of Rabobank’s BSA/AML program.” The Department also stated that Rabobank did so “in hopes of avoiding regulatory sanctions that had previously been imposed on Rabobank in 2006 and 2008 for nearly identical failures.”

There is no doubt that each of these acts and omissions constitute, in varying degrees, serious failures in AML compliance that would be problematic for any financial institution.  AML compliance officers should use these examples in not only in reviewing their own programs, but in crafting general and targeted training for managers and employees.  It is easy for executives and employees at leading financial institutions to think, “It can’t happen here,” which makes it all the more important for compliance programs to show that it can happen and has happened at peer institutions.  As the examples here have shown, the price of complacency or inattention to robust and consistent AML compliance can be devastating in financial and reputational terms.

Since the start of October, two events strongly indicate that Danske Bank – already under the pitiless glare of publicity for its acknowledgement that $234 billion in potentially suspicious transactions had moved through its Estonian branch – has now entered a new and substantially more worrisome phase of law enforcement scrutiny.  First, on October 4, Danske Bank itself acknowledged not only that it was “in dialogue” with Danish and Estonian authorities regarding criminal investigations by both countries into the Estonian branch’s activities, but also that it also had “received requests for information from the U.S. Department of Justice (DOJ) in connection with its own criminal investigation relating to the Estonian branch . . . .”  The bank further stated that It “is cooperating with these authorities,” adding that “[t]he timing of completion of the investigations by, and subsequent discussions with, the authorities is uncertain, as is the outcome.”

Second, on October 12, according to ERR News (the English-language service of Estonian Public Broadcasting), Estonian Prosecutor General Lavly Perling informed the Legal Affairs Committee of the Riigikogu (Estonia’s unicameral Parliament) that the criminal investigation into the Estonian branch “is expected to progress enough by the end of the year that the Prosecutor’s Office will be able to reveal new information about it.”  Perling, who has been the Prosecutor General since 2014, also reportedly stated that cooperation with Danish prosecutors “has been good,” but “cooperation with Russia, the alleged source of the money laundering, has been difficult,”  and that Estonian authorities had sent “appeals for legal assistance” to European and unspecified other countries. Although ERR News said that Danske Bank “has reported eight people to the Estonian police in connection with the suspected money laundering,” Perling declined to specify the number of people currently under investigation.

Note:  That Danish, Estonian, and even United Kingdom authorities are conducting criminal investigations into the myriads of suspicious transactions through Danske Bank’s Estonian branch is old news.  Confirmation of a U.S. Department of Justice investigation into that subject is not.  To date, the Justice Department has not confirmed Danske Bank’s statement, and is unlikely to say anything about the scope and scale of that investigation until and unless it reaches a resolution with Danske Bank.

For now, it is reasonable to assume that the primary focus of the Justice Department investigation will be whether any of the bank’s or Estonian branch’s conduct indicates criminal violations of the U.S. money-laundering offenses.  U.S. agents and prosecutors will certainly want to determine whether any possible laundering transactions by non-resident customers in Estonia flowed from Danske Bank’s Estonian branch through U.S. correspondent banks. Given the titanic scale of cross-border transactions that flowed through Estonia over nearly a decade, however, it is by no means impossible that as the Department receives and reviews material from Danske Bank and other sources, it may find a factual basis on which to expand its investigation beyond Danske Bank to other Estonian banks or branches of foreign banks.

In any event, the pace of all of these investigations is likely to be far slower than any of the investigating agencies – let alone Danske Bank – would want.  As each new jurisdiction opens its own investigation and seeks documents from foreign authorities, the challenges for each investigating agency in reviewing and analyzing documentation, deciding on next steps in its investigation, and coordinating with other jurisdictions can mount exponentially.  At least for participating European Union Member States, it may soon be worthwhile considering the establishment of a Joint Investigation Team (JIT), in conformity with the European Union’s model JIT agreement, to improve investigative coordination and reduce the financial burdens on less populous countries.  Any coordination measures that might shorten what otherwise could be a years-long process to bring these disparate investigations to fruition would be welcome.

On October 3, the High Court of England and Wales (High Court) issued a pair of related decisions pertaining to Unexplained Wealth Orders (UWOs) entered against Zamira Hajiyeva, the wife of Jahangir Hajiyev, the former chairman of the state-owned International Bank of Azerbaijan (IBA).  Because these UWOs are the first to be issued and publicly disclosed, this analysis will address, respectively, the timeline and background of the case and the two decisions, which discharged the High Court’s anonymity order covering Hajiyeva and Hajiyeva’s substantive challenge to the UWOs.

• Background:
  • 2015: Hajiyev, who had served as IBA Chairman from 2001 until 2015, was arrested by the Azeri Ministry of the Interior and accused of embezzling €125 million from the IBA.
  • 2016: Hajiyev was sentenced to 15 years’ imprisonment and required to pay the IBA $39 million, after being charged with large-scale embezzlement, abuse of trust, and other violations of the Azeri Criminal Code. At the time, Hajiyeva reportedly was placed under arrest in absentia and was on the Azeri government’s wanted list, but apparently did not return to Azerbaijan to face charges.
  • 2017: The United Kingdom Criminal Finances Act 2017 became law. Under Section 1 of that Act, the High Court is authorized to issue a UWO, which, according to the United Kingdom National Crime Agency (NCA), “requires a person who is reasonably suspected of involvement in, or of being connected to a person involved in, serious crime to explain the nature and extent of their interest in particular property, and to explain how the property was obtained, where there are reasonable grounds to suspect that the respondent’s known lawfully obtained income would be insufficient to allow the respondent to obtain the property.”  The Section 1 authority came into force on January 31, 2018.
  • 2018: In February 2018, the NCA applied for and obtained its first-ever UWOs, to investigate assets totaling £22 million – Hajiyev’s and Hajiyeva’s Knightsbridge home in London and a golf course in the South East of England — that were believed to ultimately be owned by Hajiyev as a politically exposed person (PEP).  At that time, the High Court also issued interim freezing orders (IFOs), which prohibited the sale, transfer, or dissipation of the assets while subject to the IFO.  Subsequently, it issued an anonymity order to protect the identity of Hajiyeva (“Mrs A” in the first High Court decision), Hajiyev (“Mr A”), and the two lawyers who acted on Hajiyev’s behalf at his trial and on his appeal.
• Anonymity Order: With regard to the need to keep the anonymity order in place, Hajiyeva argued that disclosure would interfere with her and her husband’s right to respect for their private and family life under Article 8 of the European Convention on Human Rights (ECHR).  Justice Supperstone, however, expressed concern for the principle of open justice, particularly the importance of doing justice in open court and having the names of the people whose cases are being decided, and others involved in the hearing, be public knowledge.  In his view, “An order for anonymity is a derogation from the principle of open justice and an interference with the Art[icle] 10 ECHR rights of the public at large.”  He disagreed that identification of “Mrs A” or her husband would interfere with her or their rights under Article 8, noting that “any interference with their Art[icle] 8 rights is unlikely to be severe.”  He also concluded that he was “not satisfied that there should be any derogation from open justice. The public interest in publishing a full report of the proceedings, in my view, outweighs any concerns that the respondent may have about herself or her husband. I do not consider that any anonymity order is necessary in the interests of the respondent, or her husband, or his lawyers.”  He accordingly discharged the anonymity order.
• Substantive Challenge: Hajiyeva contested the UWOs on eight grounds, including that Hajiyev was not a PEP, that the Criminal Finances Act’s income requirement had not been met, and that the UWO offends the privilege against self-incrimination and spousal privilege.
  • On the first point, Mr. Justice Supperstone concluded that Hajiyev is a PEP, and that accordingly Hajiyeva, “as his wife, is herself a PEP.”
  • On the second point, he concluded that the income requirement was satisfied.
  • On the third point, he concluded that the UWO did not offend the self-incrimination and spousal privileges on several grounds. First, although Hajiyeva expressed concern about her possible prosecution in Azerbaijan, “Hajiyeva and her husband have no right to invoke either privilege with regards to the alleged risk of prosecution for criminal offences outside the [United Kingdom].”  Second, because he did not believe that the evidence disclosed “a real and appreciable risk” that Hajiyeva or Hajiyev will be prosecuted for offences in the United Kingdom, “the threshold test for the privileges to apply has not been satisfied.” Third, he concluded that “Parliament in creating the UWO procedure has necessarily intended that the privileges be abrogated.”  Fourth, he determined that subsection 13(1) of the Fraud Act 2006 excludes the privileges “in proceedings relating to property,” and that “these UWO proceedings are proceedings for ‘an account of any property or dealings with property’” within the meaning of subsection 13(3)(c) of that Act.
  • He also disagreed that “disclosure of information under the UWO about the property will give rise to a real or appreciable risk of prosecution of Mrs Hajiyeva or her husband for offences in the UK or in the non-EEA Country (even assuming for present purposes that she would return to the non-EEA Country). There is no evidence that they would be at risk of further criminal proceedings in any event.”
• In the course of this decision, Mr. Justice Supperstone briefly noted that between September 2006 and June 2016, Hajiyeva spent a total of £16,309,077.87 at Harrods in London “on numerous different credit cards,” and that “a significant number of these cards, namely 35 American Express, Mastercard and Visa cards were issued by the [IBA].”

Hajiyeva’s attorneys indicated that she will appeal Mr. Justice Supperstone’s rulings. In the meantime, Hajiyev reportedly is facing new criminal charges of tax evasion and money laundering in Azerbaijan.

Note: When using a new statutory authority for the first time, law enforcement authorities are always well-advised to select a test case where the facts are highly favorable for the government.  By that standard, the NCA did well to choose this as the test case for UWOs.  As reflected in Mr. Justice Supperstone’s decisions, Aliyev’s embezzlement conviction and Aliyeva’s profligacy in spending – which has now attracted media attention around the world, including Australia, Brazil, Canada, France, Indonesia, Italy, and the United States — weighed significantly in the balance.  While the outcome of appeal cannot be predicted with high confidence, Mr. Justice Supperstone’s rulings on each of Hajiyeva’s challenges appear soundly grounded.

That fact also bolsters the NCA’s credibility in making use of UWOs in future investigations.  Donald Toon, the NCA’s Director for Economic Crime, has already stated about the rulings that “[w]e are determined to use the powers available to us to their fullest extent where we have concerns that we cannot determine legitimate sources of wealth.”

On September 28, the Interim Report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Commission) was tabled in the Australian Parliament.  The Letters Patent that the Australian Governor-General issued provided the Commission, which was established in December 2017, with terms of reference that included ten primary responsibilities:

• “[w]hether any conduct by financial services entities (including by directors, officers or employees of, or by anyone acting on behalf of, those entities) might have amounted to misconduct and, if so, whether the question of criminal or other legal proceedings should be referred to the relevant Commonwealth, State or Territory agency;”
• “[w]hether any conduct, practices, behaviour or business activities by financial services entities fall below community standards and expectations;”
• “[w]hether the use by financial services entities of superannuation members’ retirement savings, for any purpose, does not meet community standards and expectations or is otherwise not in the best interests of those members;”
• “[w]hether any findings in respect of the matters mentioned in paragraphs (a), (b) and (c):
  • “(i) are attributable to the particular culture and governance practices of a financial services entity or broader cultural or governance practices in the relevant industry or relevant subsector; or
  • “(ii) result from other practices, including risk management, recruitment and remuneration practices, of a financial services entity, or in the relevant industry or relevant subsector;”
• “the effectiveness of mechanisms for redress for consumers of financial services who suffer detriment as a result of misconduct by financial services entities;”
• “the adequacy of:
  • “(i) existing laws and policies of the Commonwealth (taking into account law reforms announced by the Commonwealth Government) relating to the provision of banking, superannuation and financial services; and
  • (ii) the internal systems of financial services entities; and
  • (iii) forms of industry self-regulation, including industry codes of conduct;

“to identify, regulate and address misconduct in the relevant industry, to meet community standards and expectations and to provide appropriate redress to consumers;”

• “the effectiveness and ability of regulators of financial services entities to identify and address misconduct by those entities;”
• “whether any further changes to any of the following are necessary to minimise the likelihood of misconduct by financial services entities in future (taking into account any law reforms announced by the Commonwealth Government):
  • the legal framework;
  • practices within financial services entities;
  • the financial regulators;”
• “any matter that has occurred or is occurring overseas, to the extent the matter is relevant to a matter mentioned in paragraphs (a) to (h);” and
• “any matter reasonably incidental to a matter mentioned in paragraphs (a) to (i).”

The Letters Patent also directed the Commission “to have regard to the implications of any changes to laws, that you propose to recommend, for the economy generally, for access to and the cost of financial services for consumers, for competition in the financial sector and for financial system stability,” and authorized it “to have regard to comparable international experience, practices and reforms.”

In view of the breadth of the terms of reference, it is not surprising that the Interim Report is a voluminous 347 pages.  The Commission summarized the Interim Report in exceedingly cursory terms:

• Overview: So far, the Commission’s work “has shown conduct by financial services entities that has brought public attention and condemnation. Some conduct was already known to regulators and the public generally; some was not.”
• Why Did It Happen?: Too often, selling “became the sole focus of attention” for banks and all financial services entities, and “[f]rom the executive suite to the front line, staff were measured and rewarded by reference to profit and sales.”  Moreover, “[w]hen misconduct was revealed, it either went unpunished or the consequences did not meet the seriousness of what had been done. The conduct regulator, ASIC, rarely went to court to seek public denunciation of and punishment for misconduct. The prudential regulator, APRA, never went to court.”
• What Can Be Done to Prevent Recurrence of the Conduct?: The Commission noted that “entities and regulators have increasingly sought to anticipate what will come out, or respond to what has been revealed, with a range of announcements,” and that “[t]here have been changes in industry structure and industry remuneration.” It also posed a series of questions about possible legal changes:
  • “Should the existing law be administered or enforced differently? Is different enforcement what is needed to have entities apply basic standards of fairness and honesty: by obeying the law; not misleading or deceiving; acting fairly; providing services that are fit for purpose; delivering services with reasonable care and skill; and, when acting for another, acting in the best interests of that other? The basic ideas are very simple. Should the law be simplified to reflect those ideas better?”

The full text of the Interim Report, however, contains extensive details about the magnitude and prevalence of misconduct in Australian financial services.  They include information about (1) conduct that five leading Australian financial institutions – AMP, ANZ, Commonwealth Bank (CBA), National Australia Bank (NAB), and Westpac – acknowledged with regard to consumer lending, financial advice, small and medium enterprises, agricultural lending, and remote communities, and (2) regulation and the regulators, with specific reference to the Australian Securities & Investments Commission (ASIC).  With regard to each of those topics, the Interim Report also sets out a series of questions for further consideration.

Note: Although the Letters Patent generally referred to conditions in the banking industry in anodyne terms, what prompted the Commission’s creation was “a decade of scandals that have rocked the [banking and financial] sector,” including leading Australian institutions, as well as more than AU$1 billion in penalties and compensation that Australian banks have paid since the 2008 financial crisis.  As highly profitable banks in Australia have become deeply unpopular, the Commission’s ultimate findings and recommendations may play a vital role in setting the industry on a path, however uncomfortable it may be, to reform and recovery of public trust.

The Commission’s Interim Report provides significant substantive content about reported misconduct regarding banking, superannuation, and financial services, without seeking to provide definitive answers and recommendations.  In general, that means that interested parties have ample time to provide additional information and recommendations to the Commission.  The Commission will be scheduling additional rounds of hearings as its work progresses, and its final report is scheduled to be presented to the Australian Governor-General on February 1, 2019.

Those interested in submitting public comments on the Interim Report, however, must do so no later than 5:00 pm (Melbourne time) on Friday, October 26.  Public submissions on policy issues relating to the insurance industry must be made by 12:00 noon (Melbourne time) on Thursday, October 25.