Personal liability has become a major focus for regulators around the globe as they look a step beyond an organization’s role in compliance, taking a magnifying glass to individual accountability.
As just one example, under the United States Bank Secrecy Act (BSA) for financial institutions, “willful violations of the statute or its implementing regulations by an institution and any of its partners, directors, officers, or employees are punishable by a civil penalty of $25,000 (or the amount of the transaction at issue, up to $100,000) per day for each day the violation continues and at each office or location where it occurs or continues.” While the BSA has been in existence since 1970, it was just in the last two years that regulators began invoking the personal liability portion of this regulation. In a recent Thomson Reuters survey of compliance professionals around the globe, respondents spoke of heightened expectations that personal liability will increase in the next year. Ninety-three percent of respondents expect an increase in personal liability, and 64 percent expect a significant increase.
As regulators are increasingly looking to place blame, fines and other restrictions on individuals within an organization that has committed a compliance infraction, there are a few key principles compliance professionals should keep in mind to ensure that they are prepared to be held personally liable.
Global regulators continue to issue guidance around what “personal liability” means for financial institutions and the compliance teams within them. A close look at the evolving regulations in both the U.S. and UK offers valuable insight into this trend.
The UK Bribery Act provides a company with a defense to a charge of failing to prevent bribery if one can show that the organization in question had “adequate procedures” in place to prevent bribery. The UK Ministry of Justice has articulated six guiding principles to determine adequate procedures: “Proportionality, Top Level Commitment, Risk Analysis, Due Diligence, Communication, and Monitoring and Review.”
In the U.S., the memorandum issued in late 2015 by Deputy Attorney General Sally Yates (the Yates Memo) served as a call to action for the U.S. Department of Justice (DOJ) to increase its efforts to hold executives personally accountable for corporate misdeeds.
The Yates Memo states it is “seeking accountability from the individuals who perpetrated the wrongdoing” as “it deters future illegal activity, it incentivizes changes in corporate behavior, it ensures that the proper parties are held responsible for their actions, and it promotes the public’s confidence in our justice system.”
Though the true effects of the Yates Memo are yet to be seen, this was a clear sign from U.S. regulators that companies should expect regulatory bodies to hold not only an organization accountable, but also individuals within the company.
In the state of New York alone, a December 2015 proposal from the New York Department of Financial Services (NYDFS) focused on increased criminal sanctions for senior compliance officers around money laundering and terror finance-related misdeeds.
As personal liability continues to find its way onto federal and state regulatory agendas around the globe, companies and compliance professionals should be prepared for the real implications of this change.
Geting personal - the real implications of regulatory scrutiny
News headlines continue to tell the story of individual compliance professionals taking an increasingly large fall for compliance failures or inadequacies within financial institutions of all sizes. These compliance officers face not only fines, but also suspensions and even imprisonment due to their individual responsibility to uphold proper compliance standards within their organizations.
In 2011, Olympus, the leading camera and medical equipment maker, and three of its former executives pleaded guilty to inflating the company’s net worth by more than $1.7 billion in one of Japan’s biggest corporate financial scandals. On top of massive corporate fines, the courts also issued 10-year jail sentences and fines of up to $128,000 for the former executives, making examples of their role in the financial fraud.
In February 2014, the U.S. Financial Industry Regulatory Authority (FINRA) suspended a former global anti-money laundering (AML) compliance officer at Brown Brothers Harriman & Co. and fined the company a record $8 million for its inadequate BSA/AML program. On top of the suspension, the AML compliance officer also personally paid $25,000 under the settlement terms. FINRA made a clear statement in this case that fines and suspensions are far from out of the question when it comes to an individual’s role in ensuring that proper AML procedures are in place.
Echoing this earlier FINRA case, in May 2016, FINRA fined Raymond James Financial Inc. $17 million due to “widespread failures in anti-money laundering compliance.” On top of this, FINRA also suspended the firm’s AML compliance officer for three months and fined her $25,000.
In a similar case of regulators holding a compliance officer accountable, the U.S. Attorney’s Office for the Southern District of New York filed a civil enforcement action in December 2014 against a former chief compliance officer for MoneyGram, issuing a $1 million penalty from the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN). FinCEN remarked on the officer’s personal role in compliance violations related to the use of MoneyGram’s services by various perpetrators of fraudulent telemarketing and other schemes. The DOJ settled with the corporate entity, MoneyGram, for $100 million.
The former officer’s attorneys stated, “FinCEN’s action today marks the first time, to our knowledge, that the government has filed suit Personal Liability to hold an individual compliance officer personally responsible for alleged anti-money laundering compliance failures of his employer.” FinCEN made an example of this former compliance chief, showing the expensive price tag associated with failure to properly institute AML procedures and monitoring.
Two Securities and Exchange (SEC) cases in 2015 against compliance officers at BlackRock and SFX Financial Advisory Management Enterprises fined these individuals for failure to put proper monitoring in place to detect financial fraud. While both compliance officers remained at each company, the fines specifically pointed to the SEC’s focus on the importance of proper monitoring around financial fraud and the role of compliance officers in ensuring adequate checks and balances are in place.
In the UK in 2015, former Compliance Director Stephen Bell was fined £33,800 and banned from acting as a compliance officer following a Financial Conduct Authority (FCA) investigation that concluded he had designed and was responsible for the systemic weaknesses in the compliance systems and controls at Network Financial Group.
Recently, the Panama Papers have brought to light the real implications of rampant executive corruption and money laundering, pressuring regulators around the world to take a closer look at the personal role of investment advisors and other executives who may be privy to money laundering incidents within a financial institution. In the U.S., banks, securities firms, money service businesses, insurance firms, commodity brokers and various other members of the U.S. financial industry are already held to AML laws by FinCEN. With the publication of the Panama Papers, FinCEN is witnessing pressure to expand this list of those held responsible under AML laws.
A checklist - four ways to prepare for personal liability concerns
With federal, state and global regulators looking more closely at an individual’s role in ensuring proper compliance procedures are in place, there are a few key steps compliance officers can take to be better prepared for the knock on the door from regulatory watchdogs.
1. Regular training of employees
Compliance training should be repeated regularly and available in a variety of formats and languages to ensure an organization – and its compliance officers – are instilling a culture of compliance from the very top. With microlearning modules providing more regular, interactive training options for employees, global organizations can better ensure they are not only checking the box for compliance, but also taking it a step further to instill a compliance mind-set as a foundation for doing business. While a regular training program can help ensure an organization and its employees are better prepared should a compliance infraction occur, regulators are increasingly looking for documentation of any and all training that occurs across an organization.
2. Detailed reporting of compliance training
With global regulators increasingly asking for more and more data around an organization’s compliance policies and practices, it’s critical that compliance officers and their organizations maintain a consistent and regular practice of documenting everything in one place. Having an audit-ready paper trail not only makes it more efficient for a company to answer a regulatory inquiry should it arise, but also demonstrates to regulators that the organization is focused on creating a robust compliance plan and fostering a culture of compliance.
3. Ensured access to relevant compliance rules
With the ever-evolving nature of compliance regulations today, it is critical that organizations keep compliance officers in the know about the constant regulatory changes that matter most to their business. Access to updates on regulatory changes coupled with relevant news and guidance from experienced compliance professionals allows compliance officers to showcase the extent to which they provide employees with the educational and practical materials needed to spot potential fraud.
4. Monitoring of third-party risks
Third-party risks continue to be a focus for regulators and compliance officers alike as organizations grapple with the global economy and the changing risks of third-party vendors. Compliance officers should be certain to have an onboarding and continual monitoring practice when it comes to any third parties that the organization works with around the world. Such compliance practices ensure they are applying appropriate risk rankings and rules to each vendor.
The estimated amount of money laundered around the world amounts to between 2-5 percent of global GDP according to the United Nations Office on Drugs and Crime (UNODC).11 Penalties for financial crime and AML failings in banks over the past two years alone have amounted to more than $8.9 billion. With fines and penalties – specifically for compliance officers – becoming increasingly common, there unfolds a challenge of not only ensuring that an organization is prepared for regulatory scrutiny around AML procedures, but also that individual compliance professionals within the organization are fully equipped. While regulators around the globe are scrutinizing compliance officers more intently, there are key steps that can be taken to ensure an organization and its compliance professionals are prepared, including regular training, consistent reporting, access to relevant rulebooks and monitoring of third parties.
For the trusted answers that help you anticipate, mitigate and act on risk with confidence. Manage enterprise risk, corporate governance, customer and third party risk, regulatory compliance and financial risk effectively, and accelerate business performance.