Anti-money laundering (AML) compliance officers should take relatively little comfort from regulators’ recent reassurances at the Institute of International Bankers’ Annual Anti-Money Laundering Seminar (IIB Seminar) held May, 2016. Yes, agency officials at the event did indicate that due to the bar for criminal prosecution, compliance officers face little risk of criminal prosecution for compliance program failures—even under today’s increasingly stringent AML regulation and enforcement. However, recent developments show that compliance officers’ risk is actually rising, at least when it comes to reputational risk, career risk, and civil money penalties.

From the Department of Justice to the New York State Department of Financial Services, the message of personal liability is being made clear at all levels of a financial institution, including the compliance department. For non- criminal activity, where an AML program is viewed as flawed, the AML compliance officer is increasingly on the hook for the flaws. This is reputational risk, which translates into career risk and can be topped by civil money penalties.

While disciplinary action against some AML compliance officers has not been public, it has nevertheless resulted in their removal by management at the suggestion of a regulator or as a result of exam issues. Others have been publicly sanctioned, either through removal, monetary assessments, or both. In either case, the reputational risk is done, whether in public consent orders or through the rumor mill.

A Case in Point
A recent instance involves a former AML compliance officer at a broker-dealer registered with the Financial Industry
Regulatory Authority (FINRA).

To set the stage, you should know that over time, FINRA has strengthened its financial crimes examination team with subject matter experts who have the domain experience to more effectively examine the health of broker-dealer compliance programs for AML and for upholding sanctions imposed by the Office of Foreign Assets Control. FINRA’s examination manager spoke at the IIB Seminar and clearly articulated FINRA’s examination approach, which now appears quite similar to that of the Office of the Comptroller of the Currency and the Federal Reserve. He discussed how his agency assesses the effectiveness of monitoring and alerting systems, case management processes, and suspicious activity reports—all in a way I hadn’t heard from FINRA before. Clearly, FINRA is now a much more effective regulator in this space.

Which brings us to the May 2015 FINRA Letter of Acceptance, Waiver, and Consent with the above-mentioned broker-dealer. The consent order makes it clear that the cited compliance programs’ weaknesses were viewed not only as rooted in the failure of the institution’s management to support it. The AML compliance officer was also blamed for failing to build and maintain the program.

To be fair, it is difficult to know the full backstory—hard to tell from the order whether the institution didn’t support the AML compliance officer, or whether the AML compliance officer had inadequately assessed the risk and so didn’t properly advise management and implement the appropriate program elements, or whether there was some combination of these root causes. In any event, some of the principal failures cited in the consent order are:

    • The AML compliance officer and the institution did not dedicate resources to match its growth with reasonable compliance systems and procedures, resulting in certain red flags of potentially suspicious activity that went undetected or inadequately investigated.

The AML compliance officer and the institution failed to establish AML programs tailored to each firm’s business, and instead relied upon a patchwork of written procedures and systems.

  • AML program failures also included the lack of due diligence, enhanced due diligence, and periodic risk reviews of foreign financial institutions, as well as the AML compliance officer’s failure to ensure that such reviews were conducted.
  • The institution also failed to establish and maintain an adequate customer identification program.

Note that throughout the order the failures of the AML compliance officer are cited as a key reason for program weaknesses.

No Rest for the Compliance Officer

AML compliance officer liability resides at a number of different levels—legal to reputational. Reputational risk is possibly the most prevalent risk today—one that should constantly be on the minds of every AML compliance officer. The writing is on the wall. Senior management and boards need to support their AML compliance officers and challenge them on the health of the institution’s AML program. And the AML compliance officer needs to challenge management and the board when he or she feels the program is in any way at risk. You can never rest when it comes to risk, particularly when that risk gets personal.