US enforcement authorities penalise companies for inadequate anti-money laundering compliance programmes



In 2018, US enforcement authorities demonstrated their commitment to anti-money laundering (AML) compliance through prosecutions and resolutions with financial and non-financial institutions. This article will highlight 2018’s key enforcement actions against companies for AML compliance programme deficiencies.

Three major enforcement themes emerged this year: (i) the adequacy of AML compliance programmes tailored to address companies’ particular risks and AML monitoring; (ii) companies’ integrity and transparency in interactions with the government; and (iii) taking aggressive action against companies with prior AML compliance issues.

Emphasis on AML compliance programmes to address their risks

In several settlements, US authorities noted that companies had failed to implement adequate monitoring programmes. For example, on 15 February 2018, the Department of Justice (DOJ) announced that it had agreed to settle AML-related charges with Minneapolis-based US Bank National Association (US Bank). US Bank entered into a two-year deferred prosecution agreement (DPA) with the DOJ, and resolved allegations with the Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC) and the Federal Reserve. The DOJ alleged that the company wilfully failed to maintain an adequate AML programme and failed to file a suspicious activity report (SAR). In particular, the allegations against US Bank included its failure to allocate sufficient staffing and resources to AML compliance. The DOJ found that US Bank was, therefore, unable to “monitor, investigate, and report a substantial number of suspicious transactions”. US Bank pleaded guilty and agreed to pay total criminal and civil penalties of $613m to the US government and to improve its Bank Secrecy Act (BSA)/AML compliance programme.

Similarly, on 12 March 2018, the Federal Reserve Board ordered Industrial and Commercial Bank of China Ltd. (ICBC) to improve its BSA/AML compliance programme, citing significant deficiencies in a branch’s AML risk management and compliance programmes. The Federal Reserve issued a cease-and-desist order upon consent from ICBC and the New York branch at issue. The order stated that the branch had significant deficiencies in its AML risk management and compliance programmes and ordered ICBC and the branch to undertake significant steps to reform their AML policies and procedures.

Also in March, precious-metal company Elemetal LLC pleaded guilty and agreed to forfeit $15m for failing to maintain a compliance programme that may have prevented a $3.6bn money laundering scheme. On 16 March 2018, Elemetal pleaded guilty to a single count of failure to maintain an adequate anti-money laundering programme, in violation of the BSA. According to the stipulated facts filed with the court, Elemetal purchased and refined gold worth billions of dollars from countries around the world from August 2012 to November 2016. Although Elemetal was subject to the BSA’s requirement to establish AML programmes, the company “wilfully failed to develop, implement, and maintain an adequate anti-money laundering programme as required despite the high risk of gold-based money laundering”, according to federal prosecutor Francisco Maderal.

Integrity and transparency in interactions with enforcement agencies

In 2018, US authorities received significant penalties from companies which did not cooperate with investigations or which misled authorities. Among the notable cases in this category is the extension of a DPA for MoneyGram.

On 8 November 2018, MoneyGram and US authorities jointly filed to extend MoneyGram’s 2012 DPA, which had been originally set to terminate in November 2017 (and was extended until November 2018), until May 2021. In connection with this, MoneyGram agreed to forfeit $125m to settle allegations that the company breached its obligations under the DPA, including by misleading US authorities as to the nature of fraud issues the company faced. The parties’ motion notes that MoneyGram “did not adequately disclose [fraud interdiction system] weaknesses to the Department [of Justice] and instead told the Department that the rise in consumer fraud transactions was substantially related to external circumstances”.

Earlier in 2018, Rabobank pleaded guilty for concealing deficiencies in its AML programme and for obstructing the examination of the US Department of Treasury into Rabobank. On 7 February 2018, the DOJ announced that Rabobank National Association, a California subsidiary of the Netherlands-based Rabobank U.A., had agreed to settle criminal charges related to the concealment of deficiencies in its AML programme. Rabobank entered into the plea agreement in which it admitted to impairing, impeding and obstructing the OCC by concealing AML deficiencies, and obstructing the OCC’s examination. Pursuant to the plea agreement, Rabobank agreed to pay penalties and fines of over $369m. Rabobank’s former vice president George Martin entered into a two-year DPA on 14 December 2017 (terminated early on 10 December 2018), in connection with his role in the AML violations by Rabobank.

According to the plea agreement, the bank’s policies and procedures restricted its internal investigations into suspicious transactions, which resulted in the absence of “proper monitoring, investigation, and reporting” of suspicious violations. The bank precluded a proper investigation into suspicious transactions, failed to file SARs in appropriate cases, made false statements to the OCC, and “omitted material information to impair and impede the OCC and to obstruct the OCC’s BSA/AML [programme] examination”.

Repeat offenders

In 2018, US authorities settled with MoneyGram for alleged violations, subsequent to the initial enforcement action against the company, dated 2012, arising from the company’s failure to maintain an effective AML programme and aiding and abetting wire fraud. Capital One was in a similar situation in 2018 and also entered into a second settlement with authorities for alleged violations that post-dated the initial 2015 action against the company. In the case of Capital One, the company failed to fully comply with the initial consent order by not adequately addressing its compliance programme’s deficiencies and by not filing the required SARs. After the initial consent order, the bank also initiated wire transfers with inadequate or incomplete information. These instances of repeat offences should serve as a warning to companies currently facing enforcement actions – enforcement agencies will likely continue to scrutinise companies after settlements are reached.

These enforcement actions demonstrate the approach taken by US authorities to evaluate the adequacy of AML compliance programmes. US authorities continue to demand that financial and non-financial institutions have AML compliance programmes that are tailored to the risks they face. Authorities have also made it clear that they expect integrity and transparency from companies with which they interact and that prior enforcement action resolutions do not give companies leeway on the robustness of their AML compliance programmes. Companies would therefore do well to continuously assess and update their AML compliance programmes to ensure they are adequately addressing their own changing risk environments. If enforcement agencies initiate investigations, companies should be sure to act with integrity and transparency.


Ann Sultan is counsel and Maryna Kavaleuskaya is an associate at Miller & Chevalier. Ms Sultan can be contacted on +1 (202) 626 1474 or by email: Ms Kavaleuskaya can be contacted on +1 (202) 626 1471 or by email:

© Financier Worldwide


Ann Sultan and Maryna Kavaleuskaya

Miller & Chevalier

©2001-2019 Financier Worldwide Ltd. All rights reserved.