On March 4, 2020 issued a settlement agreement with U.S. Bank’s former Chief Operational Risk Officer Michael LaFontaine whereby FinCen fined Mr. LaFontaine $450,000 and banned him from a compliance role for six years. The settlement agreements state the reason for the actions is due to “his failure to prevent violations of the Bank Secrecy Act (BSA) and regulations issued pursuant to that Act which occurred at the Bank during his tenure.” The documents go on to state, “Among other things, Mr. LaFontaine failed to take sufficient steps to ensure that the Bank’s compliance division was appropriately staffed to meet regulatory expectations.” and that “Mr. LaFontaine participated in these violations, and that the conduct of the Bank and Mr. LaFontaine demonstrated recklessness or reckless disregard.”
“By executing the CONSENT, Mr. LaFontaine has represented and agreed that, for a period of six years, beginning on the date he left employment with the Bank in June 2014, and continuing until February 26, 2020, he has not performed a compliance management function for any “financial institution,” as the term is defined at 31 C.F.R. § 1010.100(t).”
The settlement agreement comes just over two years after various federal agencies entered into settlement agreements with U.S. Bancorp and affiliates on related matters.
U.S. Bancorp/U.S. Back Settlements
“On February 15, 2018, U.S. Bancorp, US Bank’s parent corporation, entered into a Deferred Prosecution Agreement (“DPA”) with the Criminal Division of the United States Attorney’s Office for the Southern District of New York based on charges that, beginning no later than 2009 and continuing until 2014, it, through the Bank, willfully failed to implement an effective AML program, in violation of 31 U.S.C. § 5318(h), and failed to file SARs, in violation of 31 U.S.C. § 5318(g).” As a requirement of the DPA U.S. Bancorp forfeited $528 million.
On February 15, 2018 Financial Crimes Enforcement Network (“FinCen”) of the U.S. Treasury Department entered into a settlement agreement with U.S. Bank National Association (“U.S. Bank”) accessing a civil penalty of $185 million for purported violations of the Bank Secrecy Act. This fine was after U.S. Bank had paid a fine in the amount of $75 million to the bank’s federal functional regulator Office of Controller of the Currency (“OCC”) also in February of 2018 related to Anti-Money Laundering deficiencies.
Total amount of corporate fines: $846 million. U.S. Bancorp’s 2019 net income was $6.9 billion.
Personal actions and statements
The underlying problem as alleged by FinCen was that U.S. Bank failed to maintain adequate internal controls because it failed to conduct risk-based monitoring of its customers’ accounts. In addition, “U.S. Bank also had inadequate staffing levels and outdated systems to conduct appropriate monitoring and due diligence, manage alerts for suspicious activity, and handle law enforcement inquiries.” These two failures are related in that the “Bank failed to address the numerical caps (a method implemented by the Bank to limit investigation alerts) because those fixed caps permitted the Bank to hire fewer employees and investigators in its AML department.”
What one can see by analyzing both the corporate settlement agreements and the settlement agreement with Mr. LaFontaine was there was a considerable amount of focus on decisions made by Mr. LaFontaine as well as communications with and by Mr. LaFontaine.
In Mr. LaFontaine’s role as Chief Operational Risk Officer he reported directly to the Chief Executive Officer and the Board. He supervised the Bank’s Chief Compliance Officer, AML Officer (AMLO), and AML staff. Mr. LaFontaine had previous roles as Chief Compliance Officer and Deputy Risk Officer prior to being made Chief Operational Risk Officer. He had been with the bank for over 15 years.
In 2010 there was a well-known regulatory action taken against Wachovia Bank related to the bank implementing caps on the number of alerts their automated monitoring system was generating. Not only did implementing caps lead to under-reporting of suspicious transaction reports (STR) and currency transaction reports (CRT) it also capped the number of personnel required to do the work associated with STRs and CRTs. FinCen specifically cites the Wachovia matter in the settlement agreement by stating, “Mr. LaFontaine should have known based on his position the relevance of the Wachovia action to U.S. Bank’s practices or conducted further diligence to make an appropriate determination.”
A few notable excerpts from the settlement agreement:
- “From 2007 through 2014, due in part to the actions of its CCO, U.S. Bank failed to designate sufficient resources, in terms of staff levels, budget, and systems commensurate with the Bank’s AML risks inherent in its size, complexity, products and services.”
- “Notably, in December 2012, the new AMLO emailed the CCO with concerns about monitoring in connection with the above-referenced money transmitter. In response, the CCO dismissed the new AMLO’s concerns and chastised him for recording them in an email.”
- “In 2013 memo, the AMLO described U.S. Bank’s AML program as an effort to use “smoke and mirrors” to “pull the wool over the eyes” of the OCC.”
- “Prior to the meeting with the CEO, Mr. LaFontaine reviewed the PowerPoint (a presentation that highlighted the program deficiencies), yet failed to raise the issue of the alert caps with the CEO during the meeting, choosing instead to prioritize other compliance-related issues.”
- “The new CCO told Mr. LaFontaine the issues were so significant that they should be acting as though the Bank was under a virtual OCC consent order. Again, Mr. LaFontaine failed to take sufficient action when presented with significant AML program deficiencies.”
- “U.S. Bank’s CCO and AMLO were fully aware of the situation, as compliance and human resources employees raised related concerns for several years but the Bank ignored those concerns.”
- “Instead of providing the needed resources, the CCO chose to tailor its monitoring process and alert reviews to fit the capability of its understaffed BSA Department.”
- “Mr. LaFontaine failed to take sufficient action when presented with significant AML program deficiencies in the Bank’s SAR-monitoring system and the number of staff to fulfill the AML compliance role by his AMLO.”
- During that time, U.S. Bank had AML leadership that failed to actively support compliance efforts, manage and mitigate BSA deficiencies, and ensure that risk mitigation were not compromised by revenue interests.
- “the AMLO bypassed Mr. LaFontaine and sent an email to the Bank’s then-Chief Risk Officer referencing the alert caps issue.”
- “The Bank did not begin to address its deficient policies and procedures for monitoring transactions and generating alerts until June 2014, when questions from the OCC and reports from an internal complainant caused the Bank’s Chief Risk Officer to retain outside counsel to investigate the Bank’s practices.”
Federal regulators are continuing their march toward individual accountability for corporate wrongdoing. There are several unknowns from just reading these settlement agreements. However, as we piece together some of the information a number of familiar themes are present.
There are a direct ties in looking at individual accountability and some of the elements of an effective compliance program as outlined in chapter eight of the US Sentencing Commissions Sentencing Guidelines. First, were there senior level personnel accountable for the overall compliance function. By all accounts the answer is yes. This issue appears to be an issue of the acts and actions of that high-level person.
Second, is the sufficiency of resources for the compliance function. The settlements refer to the construction of the alert system being designed with one of the key factors to be keeping compliance headcount down. This appears to be an overt act to undermine sufficient resourcing of compliance staff.
Third, while the high-level executive had direct reporting relationships with the CEO and Board it appears that person purposely withheld information about the known deficiencies in the programs.
The drumbeat is getting louder, and the federal agencies appear to be more inclined than ever to air communications and make inferences from those communications. In Mr. Lafontaine’s agreement FinCen goes out of its way to point out, “FinCEN has the authority to investigate and impose civil money penalties on financial institutions that willfully violate the BSA, and on current and former employees who willfully participate in such violations.” In the U.S. Bank settlement it is noted that, “In civil enforcement of the BSA under 31 U.S.C. § 5321(a)(1), to establish that a financial institution or individual acted willfully, the government need only show that the financial institution or individual acted with either reckless disregard or willful blindness.” And willful blindness in a known phrase in criminal matters.
Be diligent, be competent, be safe. Illegitimi non carborundum.