With its $613 million fine, U.S. Bancorp joins a growing list of large banks guilty of Bank Secrecy Act and anti-money laundering, or BSA/AML, issues. As regulatory scrutiny on BSA/AML violations increases, large banks are facing the financial and strategic consequences of failing to grow their compliance systems at the same pace at which they grow their businesses.
On Feb. 15, regulators said U.S. Bancorp unit US Bank NA failed to maintain reports of suspicious transactions and attempted to operate a compliance system "on the cheap." The Financial Crimes Enforcement Network, found that the country's fifth largest bank by market capitalization capped the number of suspicious activity alerts to match staffing levels and resources.
In the last five years, regulators have come down on large banks failing to address cease and desist orders by improving the ways they document and report suspicious activity. In 2014, the U.S. Department of Justice, the Federal Reserve, the New York Department of Financial Services, and the U.S. Treasury Department notably teamed up on an $8.97 billion settlement with Paris-based BNP Paribas SA, for processing financial transactions to countries subject to U.S. economic sanctions. That same year, regulators announced they would be collecting $2.05 billion from JPMorgan Chase & Co. for failing to report suspicious transactions related to Bernard Madoff's Ponzi scheme.
More recently, Dutch lender Rabobank's U.S. subsidiary, Rabobank NA, agreed to pay $368.7 million for skipping BSA/AML review of transactions related to international narcotics trafficking, organized crime and money laundering.
Daniel Stipano, partner at Buckley Sandler and former deputy chief counsel at the Office of the Comptroller of the Currency, said in an interview that for its part, the OCC has been trying to wrap up legacy cases. In the last eight to 10 years, Stipano has seen a trend of cease and desist orders at large banks going unresolved for years.
Fines aside, a failure to quickly resolve a cease and desist order can have large impacts. Buffalo, N.Y.-based M&T Bank Corp. was forced to delay its acquisition of Hudson City Bancorp Inc. for over three years after regulators unearthed BSA issues in 2013. Four years after the Fed issued its agreement to address compliance problems, it freed M&T Bank from its enforcement action. The delayed merger has been a cautionary tale of why banks need to do due diligence on BSA/AML compliance before agreeing to a deal.
Jason Chorlins, principal and banking practice leader at advisory firm Kaufman Rossin, said in an interview that large civil money penalties appear to correspond with enforcement actions that go unresolved for longer. But for large banks, resolving the issues in a timely manner can be challenging not only because the company manages billions of transactions, but because those transactions may be siloed in various separate entities.
"The tone from the top is where it all starts," Chorlins said, adding that he has not seen management at many large banks properly step up to change a corporate attitude toward BSA/AML compliance.
In 2015, instead of correcting BSA/AML issues at its Banamex USA unit, Citigroup Inc. opted to wind down the entire subsidiary, although the company said the decision was based on efforts to simplify its business model.
There are a handful of large banks currently working through outstanding BSA/AML issues: Capital One Financial Corp., BB&T Corp. and State Street Corp. BB&T received its consent order in January 2017, and has quickly moved to upgrade its BSA/AML system. On an earnings call Jan. 18, 2018, BB&T Chairman and CEO Kelly King said that the company has reached the "ninth inning" of correcting its compliance practices, but admitted that there is never a guarantee of expedited freedom from a cease and desist.
"Obviously, over time, depending on what the regulators require, you'll always be continuing to tweak and improve that as you go along," King said, according to the transcript.