On March 4, 2020, the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a consent order assessing a $450,000 civil money penalty against Michael LaFontaine, former Chief Operational Risk Officer at U.S. Bank National Association (US Bank) for his alleged failure to prevent violations of the Bank Secrecy Act (BSA) during his tenure. As Chief Operational Risk Officer, and prior to that position, Deputy Risk Officer, LaFontaine was responsible for overseeing US Bank’s anti-money laundering (AML) compliance department. According to FinCEN, although US Bank used automated transaction monitoring software to spot suspicious activity during LaFontaine’s tenure, it capped the number of alerts generated, limiting the ability of law enforcement to target criminal activity. In addition, the bank failed to staff the BSA compliance function with enough people to review even the reduced number of alerts, enabling criminals to escape detection.
The Office of the Comptroller of the Currency (OCC) warned US Bank on several occasions that imposing numerical caps on the monitoring program could result in a potential enforcement action. In addition, US Bank’s internal staff advised LaFontaine that the automated system was inadequate because caps were set to limit the number of alerts. LaFontaine had also received internal memos from staff explaining that significant increases in Suspicious Activity Reports (SARs), law enforcement inquiries, and closure recommendations created a situation where AML was “stretched dangerously thin.” Despite these warnings, however, LaFontaine failed to take sufficient action to eliminate the alert caps, which were in place for at least five years, and increase US Bank’s BSA staff and resources.
In February 2018, FinCEN, in coordination with the OCC and the U.S. Department of Justice, issued a $185 million civil money penalty against US Bank for, among other things, willfully violating the BSA’s requirements to implement and maintain an effective AML program and to file SARs in a timely manner. According to FinCEN’s recent order against LaFontaine, because he was responsible for overseeing US Bank’s compliance program, LaFontaine shared responsibility for these violations.
FinCEN’s enforcement action against LaFontaine illustrates that compliance officers can be held personally liable for implementing and maintaining inadequate AML compliance procedures and represents a recent trend among government regulators of holding individuals accountable for failing to effectively address compliance deficiencies within the financial institutions they serve.
It is clear that in seeking individual liability, FinCEN seeks to encourage compliance officers to take a more consistent and proactive approach to AML compliance. What may not be clear, however, is the exact point at which a compliance officer’s actions cross into individual liability. FinCEN Director Kenneth A. Blanco issued a statement about the enforcement action and noted that “Mr. LaFontaine was warned by his subordinates and by regulators that capping the number of alerts was dangerous and ill-advised. His actions prevented the proper filing of many, many SARs, which hindered law enforcement’s ability to fully combat crimes and protect people.” Blanco further stated that “FinCEN encourages technological innovations to help fight money laundering, but technology must be used properly.” Based on Blanco’s statement and the FinCEN’s recent order against LaFontaine, individual culpability may attach when a compliance officer is put on notice about potential deficiencies in an AML compliance program but fails to address them.
If you have questions regarding how to implement and/or maintain an effective AML compliance program, please do not hesitate to contact the Kelley Drye’s White Collar, Investigations, and Compliance