Industrial Bank of Korea Agrees to a Deferred Prosecution Agreement and $86 Million in Penalties for Violations of the Bank Secrecy Act That Allowed Evasion of Sanctions on Iran

On April 20, 2020, the U.S. Attorney for the Southern District of New York (SDNY) announced that the Industrial Bank of Korea (IBK) agreed to a deferred prosecution agreement (DPA) and $51 million penalty related to a one-count felony information charging IBK with violating the Bank Secrecy Act (BSA). On the same day, the New York Department of Financial Services (DFS) announced a consent order with IBK, including a separate $35 million penalty, and the New York Attorney General (NYAG) announced a non-prosecution agreement, with respect to the same conduct.

The agreements relate to failures by IBK to administer an effective anti-money laundering program at its New York branch (IBKNY) over an extended period, during which time a U.S. citizen, Kenneth Zong, and various co-conspirators, including several Iranian nationals, allegedly were able to transfer more than $1 billion from IBK accounts through U.S. financial institutions, including IBKNY, in violation of U.S. sanctions against Iran.  

The one-count information charged only a violation of the BSA, and did not charge IBK with causing a violation of, or IBKNY with violating, U.S. sanctions on Iran under the International Emergency Economic Powers Act (IEEPA).

SDNY’s Deferred Prosecution Agreement

The SDNY charged IBK with violating BSA regulations by failing to provide the resources, staff, and training necessary to adequately monitor transactions at IBKNY. 

From roughly 2006 until at least 2013, IBKNY relied on manual review of transaction alerts to identify suspicious activity. During at least 2010-2011, this manual review was conducted by a single AML compliance officer. Although the compliance officer repeatedly warned bank leadership at IBKNY and IBK that the existing manual review system and staffing was not adequate, and requested additional resources, IBK failed to invest in either automated transaction monitoring or additional trained staff.  

As a result of this deficiency, IBKNY’s review of potentially suspicious transactions fell behind, and the compliance officer was unable to identify suspicious transactions until months after they were completed. During this period, between January and June 2011, Kenneth Zong and his co-conspirators, including several Iranian nationals, used shell companies to submit fictitious documentation to Korean banks, including IBK, in order to obtain payment from Korean won-denominated accounts established for the Central Bank of Iran to facilitate certain limited trade between South Korea and Iran. The funds were transferred into accounts in South Korea that Zong controlled. From there, the co-conspirators converted the funds into U.S. dollars and transferred the U.S. dollars through U.S. financial institutions to accounts controlled by Zong and the co-conspirators, who were primarily Iranian.

As a result of its inadequate transaction review system, IBKNY did not review and identify the Zong transactions as suspicious until July 2011, by which time IBK had cleared $10 million in such transactions through IBKNY and $990 million in such transactions through other U.S. correspondent accounts. On August 22, 2011, IBKNY filed a suspicious activity report (SAR) with FinCEN regarding the transactions that had cleared through IBKNY, and later submitted a voluntary self-disclosure (VSD) to the Office of Foreign Assets Control (OFAC) regarding the same. However, IBK did not disclose either its involvement in the other $990 million in transactions that it cleared through other U.S. correspondent accounts, or the inadequacies in IBKNY’s transaction monitoring that violated the BSA and caused IBKNY to identify Zong’s transactions as suspicious months after they occurred. IBK also failed to preserve 18 months of relevant records, and continued to fail to remedy the inadequacy of the AML program at IBKNY. IBKNY ultimately adopted a new automated transaction monitoring system, but this did not become operational until January 2013, and was not verified by IBKNY’s auditors until 2014. IBK also did not hire a second full-time AML compliance officer until October 2014.

The DPA noted that, despite these prolonged violations, federal prosecutors considered the DPA appropriate in light of the facts that IBK undertook a “thorough internal investigation and transactional analysis,” provided “frequent and regular updates to the U.S. Attorney’s Office,” collected and produced evidence located in other countries, and made employees located in other countries available for interviews in the United States. SDNY also acknowledged that IBK, by the time of the DPA, had made significant efforts to remediate its AML program.

DFS’s Consent Order

Based on the same conduct, DFS entered into a consent order with IBK and IBKNY predicated on violations of the New York Banking Law relating to books and records and to the requirement to maintain an effective and compliant AML program. In addition to the basic conduct described above, DFS emphasized that it repeatedly had identified deficiencies in IBKNY’s AML compliance program, including its transaction monitoring, in examinations from 2011 onward, and that these deficiencies were only remedied in 2019.

In addition to finding that IBKNY had failed to maintain an AML program reasonably designed to detect suspicious activity and to screen transactions for sanctions compliance, DFS found that IBKNY had failed to comply with a provision of New York’s AML law – commonly referred to as Part 504 – that requires financial institutions to maintain AML transaction monitoring and sanctions filtering programs meeting certain specifications and to certify annually that their programs are in compliance with these requirements. DFS noted that IBKNY made the certification in 2018 despite inadequacies in IBKNY’s transaction monitoring, which had been identified in previous DFS examinations and by IBKNY’s own internal consultant, and which had not been fully remedied.

NYAG’s Non-Prosecution Agreement

The NYAG resolved its investigation of IBK and IBKNY with a non-prosecution agreement also announced on April 20, 2020. The press release notes that since 2014 the NYAG Crime Proceeds Strike Force investigated IBK alongside prosecutors from SDNY and also concludes that IBK and IBKNY violated the law by willfully failing to establish, implement, and maintain an adequate anti-money laundering program at IBKNY to prevent the illegal transfer of funds in the Zong transactions. The non-prosecution agreement between NYAG and IBK is not available on the NYAG website. Historically, NYAG has not prominently been involved in bank-related AML and sanctions indictments. The NYAG’s involvement in this case may signal a more robust posture in these areas going forward.

Practical Considerations

These settlements show a continued pattern of action by federal regulators and law enforcement targeting financial institutions that fail to provide adequate resources, staff, and training to their AML compliance function, including, most recently, the combined $598 million in fines and forfeiture brought against U.S. Bank National Association for resource-related issues that allegedly resulted in failures to timely review alerts of potentially suspicious activity. (This was followed by a $450,000 assessment by FinCEN against U.S. Bank’s Chief Operational Risk Officer for his role in failing to address resource-related issues.)

Together, these and other recent AML penalties show the importance of adequate resourcing of the AML compliance function. In particular, regulated financial institutions should ensure that they:

• are using transaction monitoring technology and methodology commensurate with their AML and sanctions risk and capable of identifying potentially suspicious or prohibited activity in a timely fashion;
• have adequate personnel to review and act on alerts generated by these systems; and 
• consider seriously complaints of inadequate resources from the AML and sanctions compliance functions, documenting any review of such requests and explaining any decisions made in response.