NEW YORK (Thomson Reuters Regulatory Intelligence) - The former chief compliance officer for MoneyGram International has agreed to a three-year injunction barring him from performing a compliance function for any money transmitter and to pay a $250,000 penalty for anti-money laundering (AML) failures, in a settlement announced on May 4(here by the U.S. Treasury Department the U.S. Attorney’s Office for the Southern District of New York.
As part of the settlement, Thomas Haider, the former CCO for MoneyGram International, admitted to violations including:
— Failing to terminate specific MoneyGram outlets after being presented with information that strongly indicated that the outlets were complicit in consumer fraud schemes;
— Failing to implement a policy for terminating outlets that posed a high risk of fraud; and
— Structuring MoneyGram’s AML program so information that MoneyGram’s fraud department had aggregated, including the number of reports of consumer fraud that had accumulated over a specific time period, was not generally provided to the MoneyGram analysts who were responsible for filing suspicious activity reports (SARs) with FinCEN.
Haider’s lawyers argued that the Bank Secrecy Act (BSA), governing his violations, did not allow individuals to be held responsible for corporate AML failures.
Federal judge David Doty, however, cited language in the BSA allowing penalties against a “partner, director, officer, or employee.”
“The plain language of the statute provides that a civil penalty may be imposed on corporate officers and employees like Haider, who was responsible for designing and overseeing MoneyGram’s AML program,” Doty said.
In the settlement order, FinCEN acknowledged the pivotal role that CCOs play in their businesses when it comes to preventing and detecting an array of financial crime activity.
“FinCEN relies on compliance professionals from every corner of the financial industry,” said Acting FinCEN Director Jamal El-Hindi. “FinCEN and our law enforcement partners need their judgment and their skills to effectively fight money laundering, fraud, and terrorist financing. Here, despite being presented with various ways to address clearly illicit use of the financial institution, the individual failed to take required actions designed to guard the very system he was charged with protecting, undermining the purposes of the BSA,” El-Hindi said.
“Holding [Haider] personally accountable strengthens the compliance profession by demonstrating that behavior like this is not tolerated within the ranks of compliance professionals,” he said.
Haider's penalty was one of the largest fines ever imposed by FinCEN on an individual(here), a FinCEN spokesman said.
In a 2012 Department of Justice (DOJ) settlement on BSA charges(here), Dallas-based MoneyGram paid $100 million to compensate fraud victims.
Outside fraudsters had told victims they had won the lottery or been hired for a “secret shoppers” program. Others were duped to believe they had been approved for a guaranteed loan or had won a cash prize.
The fraudsters convinced victims to use MoneyGram’s transfer system to send them up front taxes, customs duties, or processing fees. Many of their victims were elderly.
The government said Haider could have stopped the fraud, as he was the CCO of MoneyGram’s compliance and anti-fraud department from 2003 to 2008, during the time period the fraud occurred.
In December 2014, FinCEN issued a $1 million civil penalty(here) against Haider for failing to ensure that his company abided by the AML provisions of the BSA. The U.S. Attorney’s Office for the Southern District of New York then filed its own criminal case in U.S. District Court that sought to enforce the penalty and to enjoin Haider from employment in the financial industry.
The case was transferred to Minneapolis and to Doty, where Haider moved to dismiss the action.
In the settlement, Haider admitted that he failed to investigate and put an end to the behavior of specific MoneyGram units “after being presented with information that strongly indicated that the outlets were complicit in consumer fraud schemes.”
Haider told news outlets following the May 4 decision that proposals made by MoneyGram’s fraud department to terminate and discipline agents at its outlets had been blocked by the company’s sales division.
He said MoneyGram’s AML program had been audited by state regulators more than three dozen times, which the 2012 DOJ settlement order acknowledges.
“The AML compliance program was deemed satisfactory by the regulators as well as the outside expert consultants,” he said.
This case and the penalties against Haider represent a telling push by the U.S. government to impose personal liability on compliance professionals over corporate-wide shortfalls — where blame quite possibly could have been spread among a number of executives.
And given El-Hindi’s statement, it is clear the government’s pursuit of Haider is a strongly worded message to the compliance industry.
CCOs, AML AND PENALTY LIABILITY
Regulators have made a fundamental shift to focus on the performance of those persons considered supervisors at firms — including senior compliance personnel — in an effort to promote more rigorous oversight of compliance programs in financial services firms.
Although the attention paid to the position by corporate leaders and industry authorities is driving up the salaries and demand for top-notch compliance professionals, scrutiny of their work is underscoring the need for such professionals to keep on top rulemaking, regulatory examination priorities and industry practices to remain individually free of liability.
In May 2016, the Financial Industry Regulatory Authority (FINRA) suspended a Raymond James chief anti-money laundering compliance officer, Linda Busby, for three months and fined her $25,000 for her role in BSA violations for which the company and she were held responsible.
In its press release outlining the case(here), FINRA said that Raymond James failed over several years to detect suspicious activity in client investment accounts and to report it to government authorities.
Raymond James’ processes to prevent money laundering failed to grow in step with the business’ growth over an eight-year period, FINRA said. The company relied on a “patchwork” of procedures and systems to detect suspicious activity, missing red flags and failing to investigate others, FINRA said.
According to FINRA, the firm and Busby repeatedly failed to properly investigate suspicious behavior of certain clients, even when evidence that the U.S. Treasury Department had sanctioned those parties was readily available.
Like the Raymond James-Busby case, Haider’s case highlights a sharp focus on the accountability of compliance professionals and on the widening scope of anti-money laundering enforcement at regulatory and law enforcement agencies.
Failures to detect, investigate and, where appropriate, report suspicious activity that could possibly constitute money laundering to the proper authorities are signs of a deficient AML program. Such failures to act, when repeatedly demonstrated, give regulators reason to hold certain individuals liable, as well as companies.
Establishing a global policy across subsidiaries and branches is a challenge, but having a firm-wide AML policy is essential. Equally important is implementing the policy at a local level with the training, reporting and parent-company oversight necessary to make the policy one that employees can use and reference in their jobs.
Enhanced transaction monitoring systems and KYC programs should be a priority, whether the firm uses internally developed systems or those developed externally. Either method should involve close monitoring, with some particularly risky transactions flagged for further review, possibly using other technology and even old-fashioned manual review methods, for comparison purposes.
The best advice for compliance officers and other executives to avoid charges of personal liability is to create and maintain a personal file of evidence to demonstrate both firm-wide and individual compliance with all regulatory expectations.
This evidence of their understanding of the rules and their firm’s business practices, along with detailed accounts of their regular inspections of activities, can help showcase a proactive and vigilant compliance program. The failure to document that a compliance program exists often is what leads to such penalties against compliance personnel personally.
Compliance officers can also help insulate themselves from liability by making sure the top executives are aware and reminded often of what the rules require, as well as the risks and consequences of not adequately addressing an AML concern.
These CCOs may not be able to control what the executives do with this information — but if they are doing what they make them aware that the concerns should receive serious consideration, it can go a long way to showcase their individual commitment to AML compliance and their effort to put risk monitoring ahead of immediate profit-making.
FinCEN made the former MoneyGram compliance officer’s inaction in the face of known illicit activity the center of their allegations. When compliance officers lack the authority to make business decisions on myriad transactions around the globe, they must educate those who have that authority on how the illicit activity could damage the firm.
This latter point is underscored in a directive instituted on June 30, 2016(here) by the New York State Department of Financial Services (NYDFS), which, among other things, requires regulated institutions’ boards of directors or senior officer(s) to make annual certifications to the NYDFS Superintendent confirming that they have taken all steps necessary to ascertain compliance with the Department's Transaction Monitoring and Filtering Program requirements.
The Transaction Monitoring and Filtering Program requirements went into effect on January 1 this year, and regulated institutions are required to file their first annual compliance certification by April 15, 2018.
Senior leadership buy-in is essential; whether it involves improving internal controls, allocating additional funds or hiring more compliance staff, serious deficiencies are rarely addressed without such high-level involvement.
Today’s heightened focus on personal accountability requires AML compliance officers to redouble the involvement of senior management in the institution’s compliance regime, document the efforts to do so, and enhance the strength of the information technology, monitoring processes, and other resources the organization has allocated to the AML program.
(Julie DiMauro is a regulatory intelligence expert in the Enterprise Risk Management division of Thomson Reuters Regulatory Intelligence. Follow Julie on Twitter @Julie_DiMauro. Email Julie at firstname.lastname@example.org)
This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on May. 15. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters