United Kingdom Financial Conduct Authority Fines Standard Chartered Bank More Than £102 Million for Poor AML Controls

On April 9, the United Kingdom Financial Conduct Authority (FCA) announced that it had fined Standard Chartered Bank (SCB) £102,163,200 “for Anti-Money Laundering (AML) breaches in two higher risk areas of its business.”  The FCA stated that it had conducted investigations into two areas of SCB’s business that SCB had identified as higher risk: (1) its UK Wholesale Bank Correspondent Banking business; and (2) its branches in the United Arab Emirates (UAE).

The FCA stated that it had found “serious and sustained shortcomings” in SCB’s AML controls relating to customer due diligence and ongoing monitoring, and that SCB “failed to establish and maintain risk-sensitive policies and procedures, and failed to ensure its UAE branches applied UK equivalent AML and counter-terrorist financing controls.”

The United Kingdom Money Laundering Regulations 2007 (MLRs), according to the FCA, required SCB to take two specific types of actions.  First, it was required to “establish and maintain appropriate and risk sensitive policies and procedures to reduce the risk it may be used to launder the proceeds of crime, evade financial sanctions or finance terrorism.” Second, it had “to require its global (non-EEA) branches and subsidiaries to apply policies and procedures in relation to due diligence and ongoing monitoring that are equivalent to those required of”  SCB in the United Kingdom.

The FCA, however, found “significant shortcomings” in SCB’s own internal assessments of the adequacy of its AML controls, as well as “its approach towards identifying and mitigating material money laundering risks and its escalation of money laundering risks.” These failings, in the FCA’s judgment, exposed SCB “to the risk of breaching sanctions and increased the risk of Standard Chartered receiving and/or laundering the proceeds of crime.”  SCB’s reported failings “occurred in its UK Correspondent Banking business during the period from November 2010 to July 2013 and in its UAE branches during the period from November 2009 to December 2014.”

The FCA also provided several examples of the failings in question:

  • “opening an account with 3 million UAE Dirham in cash in a suitcase (just over £500,000) with little evidence that the origin of the funds had been investigated;
  • “failing to collect sufficient information on a customer exporting a commercial product which could, potentially, have a military application. This product was exported to over 75 countries, including two jurisdictions where armed conflict was taking place or was likely to be taking place; and
  • “not reviewing due diligence on a customer despite repeated red flags such as a blocked transaction from another bank indicating a link to a sanctioned entity.”

SCB’s agreement to accept the FCA’s findings meant that the bank qualified for a 30 percent discount that resulted in the £102,163,200 fine.  Absent the discount, the FCA stated that the fine would have been £145,947,500.

Note:  This fine against SCB for AML violations, coming on the same day that the U.S. Department of Justice announced the criminal settlement of more than $1 billion with SCB for Iranian sanctions violations, should serve as a cautionary tale for financial institution boards of directors and C-level officials.  Any financial institution in which more than one of its financial-crimes compliance programs has had serious failings during the same periods —  that is, sanctions from 2007 to 2011, and AML from November 2010 to July 2013 (correspondent banking) and from November 2009 to December 2014 (UAE) – cannot seriously claim that it had a culture of compliance during those periods, and should therefore expect penalties of this magnitude.

To understand more clearly the FCA’s findings and reasoning, financial-crime compliance officers should peruse the FCA’s Decision Notice in this case, and use its findings as points of comparison to evaluate the soundness of their own AML programs.  Among other findings, that Notice included a specific observation that

SCB’s failings are particularly serious because they occurred against a background of heightened awareness within SCB of issues with its global financial crime controls arising from action taken by US regulators and prosecutors, direct feedback from the Authority, and through its own internal assessments. In addition, throughout the Relevant Period, the Authority, along with the UK government as well as international and domestic governmental organisations, repeatedly issued communications regarding jurisdictions with a high risk of money laundering and/or financial crime.

Financial institutions should therefore recognize that regulators such as the FCA can and will take into account the cumulative knowledge of a financial institution about its financial-crimes risks, as well as the range of external and internal sources of that knowledge, in determining whether that institution should be held accountable for any lapses or failures of its financial-crimes compliance programs.

UniCredit Group Institutions Resolve Sanctions Investigation with Department of Justice, Agree to Pay More Than $1.3 Billion

On April 15, the United States Department of Justice announced that Munich-based UniCredit Bank AG (UCB AG) had agreed to plead guilty to conspiring to violate the International Emergency Economic Powers Act (IEEPA) and to defraud the United States, “by processing hundreds of millions of dollars of transactions through the U.S. financial system on behalf of an entity designated as a weapons of mass destruction proliferator and other Iranian entities subject to U.S. economic sanctions.”  UCB AG and another bank that is part of the UniCredit Group, Vienna-headquartered UniCredit Bank Austria (BA), agreed to enter into a series of settlements with federal and local departments and agencies, in which the banks agreed to pay a total of more than $1.3 billion.

With regard to UCB AG, the Department stated that

[a]ccording to court documents, over the course of almost 10 years, UCB AG knowingly and willfully moved at least $393 million through the U.S. financial system on behalf of sanctioned entities, most of which was for an entity the U.S. Government specifically prohibited from accessing the U.S. financial system.  UCB AG engaged in this criminal conduct through a scheme, formalized in its own bank polic[i]es and designed to conceal from U.S. regulators and banks the involvement of sanctioned entities in certain transactions.  UCB AG routed illegal payments through U.S. financial institutions for the benefit of the sanctioned entities in ways that concealed the involvement of the sanctioned entities, including through the use of companies that UCB AG knew would appear unconnected to the sanctioned entity despite being controlled by the sanctioned entity.

With regard to BA, the Department stated that

[a]ccording to admissions in the non-prosecution agreement and accompanying statement of facts, between 2002 and 2012, BA used non-transparent methods to send payments related to sanctioned jurisdictions such as Iran through the United States.  BA conspired to violate IEEPA and defraud the United States by processing transactions worth at least $20 million through the United States on behalf of customers located or doing business in Iran and other countries subject to U.S. economic sanctions or customers otherwise subject to U.S. economic sanctions.

The settlements into which the UniCredit institutions entered include the following:

  1. Department of Justice: UCB AG agreed to waive indictment and to be charged in and to plead guilty to a one-count felony criminal information charging it with knowingly and willfully conspiring to commit violations of IEEPA and to defraud the United States, from 2002 through 2011. The plea agreement with UCB AG provides that UCB AG is to forfeit $316,545,816 and to pay a fine of $468,350,000.  In addition, BA entered into a non-prosecution agreement to resolve an investigation into its violations of IEEPA, and agreed to forfeit $20 million.
  2. New York County District Attorney’s Office: UCB AG entered into a plea agreement with the New York County District Attorney’s Office (DANY) for violating New York State law, pursuant to which UCB AG will pay $316,545,816. BA also entered into a non-prosecution agreement with DANY for violating New York State law.
  3. Other Agencies: UniCredit SpA (the parent of both UCB AG and BA), UCB AG, and BA entered into various settlement agreements with the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the Board of Governors of the Federal Reserve System (the Federal Reserve) and the New York State Department of Financial Services (DFS). Under those agreement, the three financial institutions agreed to pay additional penalties of approximately $660 million as follows:  $611,023,421 to OFAC, which will be satisfied in part by payments to the Justice Department and the Federal Reserve; $157,770,000 to the Federal Reserve; and $405 million to DFS.

Note:  This series of settlements is noteworthy not only for the amount of the sanctions-related financial penalties that UniCredit entities agreed to pay, or the duration of the scheme, but for the fact that UCB AG’s sanction-evasion scheme was formalized in UCB AG’s own policies.  That latter fact strongly indicates a serious dereliction of duty by UCB AG’s legal and sanctions-compliance functions.  No company that explicitly articulates a commitment to evasion of legal requirements in its policies can claim to have a culture of compliance.  Other financial institutions should therefore use this set of settlements, at an appropriate time, as a basis for reviewing their own policies, to see that no provisions on those policies even suggest how their institutions should circumvent or violate any legal requirements.

Carnegie Endowment Paper Highlights Concerns with Bahrain’s Fragility and Its Security Sector Procurement

Recently, the Carnegie Endowment for International Peace published a paper by Jodi Vittori, a nonresident scholar in Carnegie’s Democracy, Conflict, and Governance Program, on “Bahrain’s Fragility and Security Sector Procurement.”  Vittori’s analysis addresses three principal topics:

(1)  The Political and Economic Anatomy of the Bahraini Regime: Vittori identifies three factors that she terms the pillars of Bahraini regime survival: (i) the Sunni royal family’s maintenance of its power “through absolute control over politics”; (ii) the monarchy’s selective distribution of patronage “from oil rents to preserve a small but crucial coalition of supporters, particularly within the security sector”; and (iii) the regime’s deliberate exploitation of sectarian divisions and institutionalization of sectarian cleavages.” She also notes that the monarchy’s control of state resources and of information about those resources – including oil and gas revenues, the Bahraini sovereign wealth fund, and tax revenues – provides “a massive, unaccountable slush fund for whatever the monarchy chooses to spend it on, including expensive security sector purchases.”

(2)  The Regime’s Discontents: Sectarian and Cross-Sectarian Grievances: At the same time, the regime is the focus of both sectarian and cross-sectarian grievances, stemming from both “[t]he regime’s increasingly authoritarian behavior” and the country’s poor economy. Vittori notes, for example, that “[d]espite the roughly $50,000 per capita GDP, wages have been flat and the median income is only $13,300 per year for private sector jobs and $18,600 for public sector ones.”

(3) Bahrain’s Security Sector and Risks to Stability: Vittori states that “[t]he Bahraini security sector is essential to maintaining the monarchy’s power.” But she also recognizes that foreign powers – most notably Saudi Arabia and the United States – “play an outsized role in Bahrain’s security.”  Particularly noteworthy is the relationship of the security sector to the United States.  Vittori estimates that about 85 percent of Bahrain’s weapons come from the United States.  In particular, “[j]ust the known U.S. purchases between September 2017 and September 2018 amount to $6.22 billion, or over four and a half times the publicly declared $1.4 billion defense budget for 2017.

Vittori further states that “[t]he lack of transparency and oversight in Bahrain’s defense procurement process raises the likelihood that this multi-billion-dollar budget is rife with corruption.”  The government “exempts all military procurement from public tender,” the Parliament and the National Audit Court cannot examine the security sector, there are “no restrictions on the use of agents or intermediaries in procurement contracts . . . and no anticorruption requirements for suppliers,” and the government metes out severe punishment to “anyone in the country publicizing any information about corruption associated with the security sector . . . .”  Vittori concludes that “[]he very high levels of spending for Bahrain’s security sector and significant risk of corruption therein pose a risk to the country’s economic and political stability.”

In light of the “tremendous leverage” that the United States and other Western nations have over Bahrain, Vittori offers a number of recommendations that focus on security sector procurement reform.  These include influencing Bahrain to publish a national security strategy, Western governments’ insistence “on extra scrutiny of all contracts associated with Bahrain,” encouraging Bahrain to develop a timeline and actin plan for adherence to international contracting standards, requiring the Bahraini government to submit audited statements of security-sector procurement, and using U.S. leverage over Bahraini procurement to press for reforms.

Note: Anti-bribery and corruption compliance teams strategic and political risk teams in aerospace and defense companies, or in companies with other operations in the Middle East, should read this paper for its general observations about the operations of the Bahraini monarchy, and for its insights into the significant potential for corruption in the Bahraini security sector.  Although, as Vittori commented, “[t]he Bahraini monarchy does not permit much social science research,” her paper has drawn on an extensive array of open-source materials for a nuanced analysis of the issues.

Fintech: Is There Expansion at the Expense of Risk and Compliance?

On April 11, Bloomberg reported on the contrasting growth plans of traditional financial firms and fintech companies in Europe.  Even as a bevy of financial firms in Europe and North America are cutting or expecting to cut staff, Société Générale SA, fintech in the United Kingdom saw a 61 percent increase in new fintech roles last year, and “hired aggressively in the first quarter” according to Ollie Sexton, a principal at the recruiting firm Robert Walters.

While United Kingdom fintech jobs numbered only 76,500 in 2018, the City of London projects that that number to increase to 105,500 job by 2030.  Noting that many fintechs are working to make dramatic changes in the financial industry, Sexton said that a “large proportion of jobseekers and those open to taking new positions are looking to join startups experiencing hockey stick growth rather than companies making large-scale redundancies or going through an internal restructure.”  At the same time, Sexton commented that in 2019 “firms have focused on the tech side of fintech, adding developers and engineers instead of bulking up in financial functions like risk and compliance.”

Note: Financial-industry observers – including risk and compliance officers at firms doing business with fintech companies – should take note of this article.  If fintech entrepreneurs, in the United Kingdom and elsewhere, aggressively seek to expand operations and market share without providing proportional increases in staffing and funding for risk and compliance functions, they may be setting their companies up for significant compliance problems in short order.

Recent events in the fintech world bear that out.  As the Bloomberg article correctly recognized, just last month United Kingdom fintech company Revolut attracted the attention of the Financial Conduct Authority and the media because of concerns about the company’s sanctions screening process.  In addition, according to Handelsblatt, earlier this week the German financial regulator BaFin identified numerous deficiencies at smartphone bank N26 that N26 is required to address as soon as possible.  Those deficiencies reportedly included instances of external fraud against N26 customers and poor accessibility when other financial institutions sought to contact N26 about fraudulent transfers.

Consequently, financial firms that may be interested in doing business with, or even acquiring, a fintech firm should be prepared to ask detailed questions to determine the true state of the fintech firm’s compliance programs.  Every unicorn, no matter how attractive, may have a sharp horn, and passionate predictions about future growth and profitability are no substitute for facts in calculating risks.

U.S. Department of Justice Obtains Indictment of Pharma Firm Indivior for Fraudulently Marketing Prescription Opioid, Seeks At Least $3 Billion

On April 9, the United States Department of Justice announced that a federal grand jury in the Western District of Virginia had returned an indictment charging United Kingdom-based Indivior PLC (formerly known as Reckitt Benckiser Pharmaceuticals Inc.) and Indivior PLC (Indivior) with “engaging in an illicit nationwide scheme to increase prescriptions of Suboxone Film, an opioid drug used in the treatment of opioid addiction.”

The Department stated that according to the 47-page indictment,

Indivior obtained billions of dollars in revenue from Suboxone Film prescriptions by deceiving health care providers and health care benefit programs into believing that Suboxone Film was safer, less divertible, and less abusable than other opioid-addiction treatment drugs. Indivior also is alleged to have sought to boost profits by using a “Here to Help” program to connect opioid-addicted patients to doctors the company knew were prescribing opioids at high rates and in a clinically unwarranted manner.

The indictment also alleged that

Indivior developed Suboxone Film around 2007 as a patent-protected alternative to the tablet form of Suboxone, which was then about to face generic drug competition. The primary ingredient in both Suboxone Film and tablets is buprenorphine, a highly potent opioid. Indivior promoted Suboxone Film as safer and less-divertible than its tablet form, even though the company lacked any scientific evidence to support those claims. In particular, Indivior aggressively marketed Suboxone Film, without an established basis, as having a “lower risk of child exposure” and a “less divertible/abusable formulation.”  Indivior made these and other false and misleading claims in marketing materials and through representations to physicians, pharmacists, and health care benefit programs throughout the country. The indictment also alleges that, to further its scheme, Indivior announced a “discontinuance” of its tablet form of Suboxone based on supposed “concerns regarding pediatric exposure to” tablets, when in fact Indivior executives knew the primary reason for the discontinuance was to delay the Food and Drug Administration’s approval of generic tablet forms of the drug.

In addition, according to the Department, Indivior allegedly “used its ‘Here to Help’ internet and telephone program as part of its scheme to induce physicians to write prescriptions for Suboxone Film.” Although it touted the program as a resource for opioid-addicted patients, Indivior allegedly “used the program in part to connect patients to doctors it knew were prescribing Suboxone and other opioids to more patients than allowed by federal law, at high doses, and in suspect circumstances.” The indictment also alleges “that Indivior executives and employees knew from statistical and numerous firsthand reports that some doctors in the Here to Help referral system were issuing prescriptions in a careless and clinically unwarranted manner.”

The indictment charges Indivior with a total of 28 felony counts consisting of conspiracy to commit mail fraud, wire fraud, and health care fraud, and substantive counts of health care fraud, mail fraud, and wire fraud.  It also contains a notice of forfeiture that indicates that the Department is seeking via forfeiture (1) a monetary judgment of not less than $3 billion, (2) seven Indivior-related business entities and all assets, inventory, and property related thereto (i.e., Indivior Finance (2014) LLC; Indivior Finance SARL; Indivior Global Holdings Ltd (a/k/a RBP Global Holdings Limited); Indivior Inc. (a/k/a Reckitt Benckiser Pharmaceuticals Inc.); Indivior PLC; Indivior Solutions Inc. (a/k/a Reckitt Benckiser Pharmaceuticals Solutions Inc.); and Indivior US Holdings Inc_. (f/k/a RBP US Holdings Inc.); (3) certain specified Indivior-related bank accounts; (4) and certain specified trademarks and patents.

In response, Indivior issued a lengthy press release, in which it stated that it was

extremely disappointed in this action by the Justice Department, which is wholly unsupported by either the facts or the law. Key allegations made by the Justice Department are contradicted by the government’s own scientific agencies, they are almost exclusively based on years-old events from before Indivior became an independent company in 2014, and they are wrong. The department has apparently decided it would rather pursue self-serving headlines on a matter of national significance than achieve an appropriate resolution, but we will contest this case vigorously and we look forward to the full facts coming out in court.

The press release, which set forth specific rebuttals to the indictment’s allegations, stated that Indivior “has cooperated extensively with the Justice Department’s investigation for several years” and had

turned over millions of pages of documents and spent extensive time explaining the company’s operations to the department. In the interest of resolving this matter and providing certainty to our shareholders, we have made numerous attempts to reach a settlement that went far beyond what we believe the facts of this case support. It is unfortunate the Justice Department decided to choose an alternative path, but we will fight these allegations on the facts and on the law in court, and we are confident of our position.

Indivior’s former parent, Reckett Benckiser Pharmaceuticals, issued a separate statement in which it briefly stated that the indictment “is not against RB Group Plc or any other group company and we currently have no additional or new information in respect of this matter, apart from what has been publicly issued by the Department of Justice and Indivior Plc.”

Note: This indictment represents the second major case that the Justice Department has brought in this Administration against pharma companies for allegedly fraudulently marketing and promoting opioids.  In the first case, involving Insys Therapeutics, the Justice Department last year joined a series of whistleblower lawsuits against Insys, and is now awaiting the jury’s verdict in a criminal racketeering case against Insys founder John Kapoor and other former Insys executives.

Despite Indivior’s aggressive press response to the indictment, its share price, which The Times reported “had already declined sharply over the past year,” plummeted 73 percent in one day to 28p.  According to The Times, one U.S. brokerage firm has opined that Indivior did not have the financial resources to pay a $3 billion fine.  Since Indivior had previously stated that it had “set aside $438 million to cover legal matters, most of which relates to the [Department’s] investigation” and Reckitt had separately reserved £303 million ($390 million) in connection with the investigation, those numbers may be closer to what the Department ultimately would seek from both companies in any further settlement negotiations.