A $250,000 Settlement with FinCEN Puts AML Compliance Officers in the Cross-Hairs

MoneyGram’s ex-Chief Compliance Officer, Thomas Haider, on May 3 settled alleged anti-money laundering (AML) compliance violations with the U.S. Department of the Treasury's Financial Crimes Enforcement Network for $250,000, according to announcements by FinCEN and U.S. Attorney’s Office for the Southern District of New York. It appears to be the largest penalty FinCEN ever has imposed on an individual. The settlement resolves an action that FinCEN brought in federal district court to enforce its penalty against Haider, and also Haider’s counter-claim that the Government violated the Privacy Act by leaking details of its investigation to the media. This appears to be the first time that FinCEN has sought penalties against an individual for mismanagement of an AML compliance program, and only the second time FinCEN has sued to enforce a civil penalty. Haider also agreed to be enjoined from performing compliance functions for a money transmitter for a period of three years.

The settlement comes four months after the United States District Court for the District of Minnesota denied Haider’s motion to dismiss FinCEN’s complaint, rejecting in particular his argument that the Bank Secrecy Act (BSA) did not allow penalties against individual employees of a financial institution for the institution’s willful violations of the BSA’s requirement to implement an effective AML program. FinCEN’s complaint was based on previous allegations that MoneyGram failed to file suspicious activity reports (SARs) or to discipline agents despite repeated evidence of fraud against MoneyGram customers in which those agents appear to have colluded. These allegations included events from 2003 to 2008, and ultimately led to MoneyGram entering into a deferred prosecution agreement (DPA) with the Department of Justice in 2012 and agreeing to forfeit $100 million. FinCEN brought its complaint against Haider two years later, in 2014. The complaint alleged that Haider willfully failed to ensure that MoneyGram implemented an effective AML program, in particular by failing to discipline or terminate MoneyGram agents and outlets that presented a high risk for fraud, and also that he willfully failed to ensure that MoneyGram filed SARs on reports of fraud or money laundering through these agents as required by the BSA. (See our previous alert on the complaint and the district court’s opinion here.) 

The settlement amount of $250,000 is less than the $1 million FinCEN sought in its Complaint. The agreed injunction also is narrower than the government’s request in the complaint that Haider be barred from “participating, directly or indirectly, in the conduct of the affairs of any financial institution” for a period of years to be determined at trial. And FinCEN did not obtain an admission from Haider that he willfully violated the BSA, something that FinCEN has sought and obtained in recent settlements against both individuals and institutions. However, the amount is far more than reported AML settlements for individuals with other financial regulators, and appears to be the largest paid by an individual to date.

FINRA historically has been the most active regulator in assessing penalties against individual AML compliance personnel. A former global AML chief compliance officer of Brown Brothers Harriman (BBH) and a former AML compliance officer at Raymond James & Associates (RJ) each settled for $25,000 with FINRA in 2014 and 2016, respectively. For purposes of comparison, BBH paid $8 million and RJ paid $17 million to settle the related corporate enforcement actions. The SEC also has prioritized individual accountability, highlighted by an October 2016 enforcement action against the CEO of a Miami-based brokerage firm which resulted in a $50,000 individual settlement. The decision to pursue the CEO was driven by the SEC’s finding that he was ultimately responsible for its AML program and supervision of the firm’s AML officer. Haider’s $250,000 settlement with FinCEN is enough to strike fear into the hearts of AML compliance officers at all financial institutions. 

That is particularly true for compliance officers at financial institutions also regulated by New York’s Department of Financial Services, which in June of 2016 adopted new AML rules requiring one or more “senior officers” (which is likely for many institutions to include their chief AML officers) to certify annually that the institution’s AML programs have various mandatory elements similar to those required under federal law, with potential penalties for “false” certifications. In cases where AML officers are deemed to have “willfully” violated BSA rules by failing to properly maintain aspects of their institution’s AML programs, they may risk accusations from the NYDFS that their certifications about the adequacy of these programs were false. (See our alert on the NYDFS rule here.)

Practical Considerations

Two aspects of the Haider settlement provide special guidance to AML compliance officers. First, the settlement notes that Haider chose not to implement a draft policy to discipline or terminate agents with high reported incidents of fraud in part because of opposition from the company’s Sales Department. Second, the fraud and money laundering activity occurring through specific MoneyGram agents was not reported to FinCEN in SARs in part because MoneyGram’s Fraud Department, also under Haider’s management, did not share information on agents that had been the subject of disproportionate reports of fraud with its AML Compliance Department. This also prevented AML Compliance Department staff from targeting audits to address such activity, a further basis for the AML program failures attributed to Haider.

The first lesson that comes from this resolution is that financial institutions need to empower their AML compliance officers to ensure that the goals of sales and other company departments do not prevent the company from making sound compliance decisions and avoiding costly fines. This is consistent with FinCEN’s 2014 guidance recommending a “culture of compliance,” which calls for such empowerment of AML compliance officers. Second, this case makes it clear that FinCEN expects AML compliance officers to stand firm in demanding compliance-related changes to address situations that put the company at risk. In cases where a decision may be overruled by concerns other than compliance, AML compliance officers should document their requests that particular actions be taken to ensure compliance, as well as the rationales for those requests. Third, financial institutions should avoid silos in the sharing and processing of internal alerts, in particular the alerts of internal fraud departments, to ensure that circumstances that merit a SAR are seen by the right people and are reported. Finally, the successful collaboration between FinCEN and the U.S. Attorney’s Office in this case is likely to embolden FinCEN to continue pursuing penalties against individuals for AML program and other violations in egregious cases. This is especially relevant following DOJ’s 2015 “Yates Memo,” which provides an incentive for financial institutions to identify individuals responsible for alleged misconduct in order to receive cooperation credit in criminal cases. In future criminal prosecutions by DOJ of financial institutions for AML program and SAR violations, it is possible to imagine more circumstances where FinCEN will collaborate with DOJ to impose civil penalties on culpable individuals (who also potentially may face prosecution by DOJ).