White Collar Defense and Investigations: Anti-Money Laundering (AML)
The risks to the financial systems of money laundering, terrorism financing, and other financial crimes has been taken very seriously by many governments since the September 11 terrorist attacks on the United States and the numerous additional terrorist attacks, organized-crime crackdowns, and drug and human trafficking prosecutions throughout the world since then.
A broad range of financial services businesses are required to maintain formal anti-money laundering (AML) programs and are subject to extensive governmental oversight of their business activities. Many other industries, including gaming, leisure, real estate, vehicle sales, food and alcohol, and retail that are perceived as facing higher risks of being used by money launderers, terrorist financers, or other financial criminals are also subject to specific AML regulations, and are sometimes required to maintain a written AML program. Even charities, universities, and international nonprofit organizations have been investigated in recent years for AML issues because criminals have become increasingly sophisticated in moving tainted funds through organizations of all types, often with the help of rogue employees or lax internal controls.
As a fully integrated global law firm with lawyers located across five continents, we are uniquely positioned to provide a comprehensive range of services to any company wishing to negotiate the regulatory maze created by money laundering legislation. These services range from the development of tailored AML programs; training of employees, management, and directors; assistance with day-to-day Bank Secrecy Act (BSA) and AML matters; enterprise-wide BSA and AML risk assessments; and assistance in addressing and minimizing the impacts of regulatory enforcement actions.
When financial services companies are faced with a compliance mandate or investigation (or even a possible consent order or deferred prosecution agreement), our multi-office team brings lawyers from both industry-specific and procedure-specific groups together to provide comprehensive services under one roof. Our AML team has lawyers with experience in a variety of disciplines and skills. We have lawyers with technical degrees such as accounting and computer science; advanced certifications such as Certified Anti-Money-Laundering Specialist; multilingual fluency including Arabic, Chinese, and Spanish; and prior experience working for financial institutions or the government to conduct policy and control audits, enhanced customer due diligence, transactional or data analysis, witness interviews, and case assessment. This seasoned group analyzes a client’s unique needs, recommends efficient and reasonable solutions, and guides it through implementation—all with the respect for and protection of its (and its customers’) privacy that only an effective lawyer-client privilege relationship can offer. We also work with our Internal Investigations, Enforcement, and White Collar; Anti-Bribery and Anti-Corruption; Sanctions; and Combatting the Financing of Terrorism (CFT) colleagues to create synergies within clients’ existing policies and controls designed to address similar issues and to detect proceeds of crime before they enter the financial system or a client’s network for laundering by recognizing the underlying offenses at issue.
Leveraging our years of AML experience representing clients before prosecutors, civil investigators, and regulatory oversight bodies, our cross-practice team can assist with:
- Strategic risk assessments of present business practices (account handling practices, due diligence for new customers, and transaction trading and clearing processes) and information systems infrastructure.
- Structuring and performing internal investigations and being sensitive to employment law issues, as well as privacy regulations for both employees and customers.
- Responding to regulatory inquiries and enforcement actions thoroughly and effectively while maintaining the security of sensitive competitive information.
- Establishment, review, and documentation of compliance practices, including procedures, literature, programs, and training.
- Thorough analysis of the privacy, data protection, information security, and cybercrime prevention considerations inherent in reviewing customer accounts and reporting activity to governmental supervisory bodies.
- Review and drafting of third-party vendor relationship agreements, as an enhanced technology infrastructure may be the best way to bring current practices into compliance with the requirements under the USA Patriot Act of 2001 (Patriot Act) or the UK AML laws and regulations.
Each client faces a distinct set of challenges in complying with AML law. We anticipate that AML issues and the significant financial and reputational risks they pose will continue to be of major concern to all companies.
In the United States
The Bank Secrecy Act (BSA) requires financial institutions, as defined by the BSA, to implement and maintain an appropriate AML program reasonably designed to ensure compliance with BSA and AML requirements. Covered financial institutions for these purposes include banks, broker-dealers, money services businesses, residential mortgage lenders, casinos, and even certain dealers in jewels and precious metals.
The exact AML program requirements depend on the type of financial institution, but generally include customer identification and due diligence procedures (sometimes collectively referred to as “know your customer” requirements), maintenance of records and the filing of suspicious activity reports and other reports, the designation of a qualified individual responsible for day-to-day BSA and AML compliance, appropriate training, and independent testing of BSA and AML compliance. Many financial institutions are now also subject to requirements to identify and verify the identity of the beneficial owners of their legal entity customers. If the Financial Crimes Enforcement Network (FinCEN) or the institution’s regulator identifies weaknesses in an AML program, the institution and even sometimes its owners and managers can be subject to significant fines. If law enforcement discovers the presence of money laundering, that institution could be criminally charged.
The Patriot Act expanded the scope of the BSA and gave broad additional authority to a number of federal agencies to investigate and prosecute institutions and individuals suspected of money laundering activity:
- The U.S. Department of Justice (DOJ) is increasing its work with foreign and domestic agencies with both criminal and civil enforcement powers at federal and state levels to settle large and complex cases.
- Leveraging the use of deferred prosecution agreements, compliance monitors paid for by targets and shared resources from Office of the Comptroller of the Currency, the Federal Reserve, the Treasury Department (including FinCEN), and state agencies, the DOJ has extracted numerous large penalty payments, including a US$1.9 billion settlement with a global bank in 2012, a combined recovery of over US$500 million in 2010 and 2014 AML enforcement actions against the same bank, a US$1.7 billion settlement in 2014 against a bank with lax AML controls that facilitated a Ponzi scheme, a staggering US$9 billion AML and sanctions penalty against a foreign bank in 2014, and a record US$586 million forfeiture arising from AML issues at a money services business in 2017. The chief compliance officer of another money services business was fined US$250,000 on a personal basis and barred from working as a compliance officer for any other money transmitter for three years.
- The Securities and Exchange Commission and the Financial Industry Regulatory Authority (FINRA) repeatedly have stated—and shown—that AML enforcement remains a top priority in their reviews of public companies, broker-dealers, and other regulated companies, with FINRA settling claims of inadequate AML controls with the investment arm of a major global bank for US$16.5 million in December 2016.
- While U.S. regulations require financial services businesses to generally report suspicious financial activity or currency transactions over a certain size to FinCEN, these regulations have been expanded to require, among other things, reports of cyberbreaches and attacks, enhanced customer due diligence, and even for nonfinancial entities to report cash transactions or other information to FinCEN or the Internal Revenue Service, sometimes because of the mandates within detailed and often-changing geographic targeting orders.
- If a financial institution as defined by the BSA fails to implement and maintain an appropriate AML program reasonably designed to ensure compliance with the BSA and AML requirements, and law enforcement discovers the presence of money laundering, that institution could be charged criminally. Covered financial institutions for these purposes include banks, broker-dealers, money services businesses, residential mortgage lenders, casinos, and even certain dealers in jewels and precious metals.
- The Patriot Act makes the smuggling of cash into or out of the United States or across state lines a federal crime. This provision could be a source of liability for financial institutions that accept cash or property as collateral for loans that could eventually be traced to “smuggled cash.”
In the United Kingdom
AML laws are essentially made up of the following three components (not taking into account the rules imposed by the UK Financial Conduct Authority in relation to regulated businesses and authorized persons):
- The Money Laundering Regulations 2017 (which came into force in June 2017 to transpose regulations contained within the EU’s Fourth Money Laundering Directive) require the establishment of administrative procedures to be followed by those regulated by them relating to, among other things, risk assessments, customer identification (customer due diligence and enhanced due diligence), record keeping, internal controls, policies and procedures, training, and having a money laundering nominated office.
- The Proceeds of Crime Act 2002 (as amended by the Crime and Courts Act 2013 and Serious Crime Act 2015), which contains the principle money laundering offenses.
- The Terrorism Act 2000 (as amended by the Anti-terrorism Crime and Security Act 2001, the Terrorism Act 2006, and the Proceeds of Crime Act 2002 (Amendment) Regulations 2007), which contains money laundering offenses that apply in cases of knowledge or suspicion that an individual is involved in terrorism, (as opposed to any other crime).
The UK Financial Conduct Authority has not been slow in imposing fines for noncompliance with AML procedures. Over the past few years, a number of prominent UK-based banks have been fined millions of pounds for money laundering violations for breaches of UK regulations and system and control failures.
In Germany
AML laws are essentially made up of the following two components (not taking into account the obligations imposed by German tax laws to obtain and record data of client identity in case of a maintenance of accounts and the custody of valuables):
- The German Banking Act (Kreditwesengesetz, KWG) sets out specific requirements for a proper business organization to support the prevention of money laundering, financing of terrorist activities, and other criminal activities (including the ongoing development of strategies and measures against a misuse of new financial products and technologies).
- The German Money Laundering Act (Geldwäschegesetz, GwG) sets out dedicated obligations and requirements to prevent money laundering activities, including requirements to identify counterparties and any economic beneficiaries prior to the establishment of a business relationship or the execution of a transaction and to report “suspicious transactions.”
The German implementing measures in relation to the EU’s Fourth Money Laundering Directive were enacted on June 26, 2017 and significantly increased the granularity of the regulatory framework. Further guidance in relation to this framework has been provided by the Financial Services Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin) and the German Banking Industry (Die Deutsche Kreditwirtschaft, DK).