By Matthew Schwartz and Peter Skinner
The Bank Secrecy Act (BSA) requires financial institutions to detect and report suspicious activity. For years, the BSA was almost purely the province of banking regulators. But recently, the Department of Justice has dramatically increased the rate of criminal prosecutions. Understanding how the DOJ investigates BSA violations is critical.
Criminal penalties have always been available under the BSA. But in 2001, the USA Patriot Act significantly changed the landscape. Before the resulting regulations took effect in 2002, there was not a single criminal prosecution for the failure of a financial institution to maintain an effective anti-money laundering (AML) program, or to file suspicious activity reports. But over the next decade, until the end of 2013, the DOJ brought numerous criminal BSA cases and collected forfeitures exceeding $1.69 billion from financial institutions. In January 2014, the Manhattan U.S. Attorney announced criminal BSA charges against JPMorgan Chase Bank and simultaneously announced a deferred prosecution agreement. Under the DPA, JPMorgan forfeited $1.7 billion — instantly doubling the DOJ’s historical BSA penalties.
All signs point to continued increased criminal enforcement, with new units being created in several key prosecutors’ offices to focus on BSA violations. And as prosecutors have gotten more involved in BSA enforcement, the regulatory penalties have also sky-rocketed. Foreign jurisdictions are also adopting and enforcing their own AML statutes, further crowding the enforcement landscape.
The DOJ’s increasing and increasingly effective use of the BSA is the result of its unique investigative model. Rather than investigating a financial institution’s compliance program the way that regulators do — by spot-checking aspects of the program and ensuring the appropriateness of its overall design — prosecutors investigate BSA violations like any other crime.
With most crimes, the investigation begins at the end. With a crime of violence, there’s an injured victim, or a body. With fraud, there are victims who have lost their savings. The critical questions are: Who did this, and why?
With a violation of the BSA, there is also a crime — fraud, narcotics trafficking, or something else — that has been perpetrated through a financial institution. Maybe, as in the case of JPMorgan Chase, a Ponzi scheme was run through an account at the institution. Or, as in the case of Wachovia, perhaps a cartel used the bank to launder drug proceeds. The question for law enforcement is therefore not (as it is in regulatory examinations) whether the institution has a BSA/AML program that is adequately designed and implemented. Instead, prosecutors ask, already knowing that a crime has been committed: Why didn’t the compliance program catch this? As the DOJ has acknowledged, in every BSA prosecution of a financial institution, “the bank’s conduct aroused the attention of prosecutors and investigators who were investigating other criminal activity.”
What does this mean for financial institutions? Most importantly, it means if a financial institution learns that the DOJ is looking into its compliance program, it may already be too late to convince the DOJ that that program is effective.
By the time they overtly turn their attention to a financial institution, prosecutors investigating the underlying crime already understand how the institution was used to commit it. They have almost certainly reviewed transaction information implicating the financial institution, as well as phone records, emails, text messages, chats and other communications. They have also likely talked to witnesses who interacted directly with employees of the institution, if not with those employees themselves.
The financial institution also will have, in most cases, already produced documents to investigators. Financial institutions receive numerous government subpoenas targeting the accounts of suspected drug dealers, fraudsters and the like. In most cases, these subpoenas betray no hint that the institution itself may be (or become) the target of the investigation.
Although it is impossible to treat every routine subpoena as a potential BSA investigation, financial institutions need to do some basic triage. First, the news that a significant crime was run through an otherwise responsible institution should already trigger internal reviews and generate “lessons learned.” Part of that look-back needs to include BSA compliance — it will put the institution in a better position to assess its own risks and will also allow it to cooperate with law enforcement, which is an important prosecutorial consideration.
Second, law enforcement subpoenas are supposed to trigger AML investigations. According to the Federal Financial Institutions Examination Council, financial institutions should have policies for investigating suspicious activity, including “the transaction activity of subjects included in law enforcement requests (e.g., grand jury subpoenas, section 314(a) requests, or National Security Letters).” To that, we would add administrative subpoenas issued by agencies (like the DEA, IRS and SEC) that have authority over offenses likely to trigger BSA investigations.
Financial institutions should create policies and procedures that do more than require their compliance staff to conduct a routine AML investigation of the subject of government subpoenas. At the very least, including senior compliance and legal personnel in the reporting chain will help to recognize trends in law enforcement activity that could signal trouble for the institution.
Financial institutions can also proactively contact law enforcement in response to subpoenas. Overworked and under-resourced prosecutors appreciate the assistance of a real, live person. This is helpful to the prosecutor, because the institution can make a more targeted search of its records and because it provides a point of contact for any follow-up. And it is beneficial to the company, which may be able to learn more about the investigation, and so gain valuable information about whether the institution itself might become a target. And if the point of contact is someone that the prosecutor finds credible, the institution will also often be able to limit the scope of the subpoena — saving valuable resources — on the promise that the company can always produce more records, if necessary.
While it is no surprise that prosecutors investigate BSA violations like most other crimes, they represent a marked shift from regulatory enforcement for which corporate counsel must be prepared.
(This article was first published by Inside Counsel. Republished with permission.)