From Regulatory Confusion to Fear of Regulators

GUEST BLOGGER

Daniel Tannebaum, CFE
Head of Compliance - Americas, Travelex and Chief Compliance Officer, Travelex Currency Services Inc.
New York, NY

In June, I wrote an ACFE Insights piece, “Why Won’t Regulators Just Tell Us What They Want?” in advance of my presentation at the ACFE Annual Fraud Conference in Orlando. That article seems like ages ago in relation to this summer’s events.

I can’t recall a time when a money laundering investigation made it to the whip-around on the Daily Show, but HSBC did just that.

I can’t remember a time when one of the largest correspondent banks in the U.S. was threatened with the termination or suspension of its banking license, but Standard Chartered filled that void.

I wrote in my last piece that it seems as if regulators have shifted from a culture of guidance and clarification to one of enforcement. It seems now that regulators are following through with the threats made over the past several years.

It has been known for some time that HSBC was in the midst of what will ultimately result in the largest civil monetary penalty in global history for AML and sanctions deficiencies, and potentially may result in criminal charges (although that has been threatened in the past). On July 17, 2012, the Senate Permanent Subcommittee on Investigations (PSI) held a public hearing in which HSBC business and compliance leadership testified on a lengthy report relating to programmatic issues dating back nearly a decade. This event was the equivalent to a Super Bowl for compliance professionals. A Group Head of Compliance stepped down in front of the U.S. Senate, and the former architect of the U.S. counterterrorist financing regime, now Chief Legal Officer at HSBC, was lambasted by various senators. Never before have AML and sanctions issues been brought into the mainstream like this hearing had done.

In the end, the Office of the Comptroller of the Currency (OCC) publicly stated that they will be increasing the stringency of their AML examinations, something that they stated in the wake of the Wachovia penalty nearly three years ago.

And that was just July…

August brought with it a threat from the New York State Department of Financial Services (DFS) to Standard Chartered claiming that transactions conducted over the past 10 years through their New York branch violated Iranian transaction regulations. The order called for a public hearing to speak to the charges with the potential penalty of having its license terminated.

This is where the fun begins. The DFS claimed that Standard Chartered was stripping Iranian references from payments, as in other cases such as Credit Suisse, Lloyds and ABN, to evade sanctions. This case is slightly different than those. Standard Chartered was using an exemption in OFAC regulations called a “u-turn,” where commercial transactions to Iran could clear through U.S. financial institutions so long as the transaction originated at a non-U.S. bank going through a U.S. bank and destined for a non-U.S. bank. While this exception was terminated by OFAC in November 2008, the transactions listed in the DFS report pre-dated the change in OFAC policy.

In the end, rather than face a public hearing, Standard Chartered paid a $340 million settlement to DFS. A letter sent by OFAC Director Adam Szubin to the UK Financial Services Authority highlighted the legitimacy and due diligence requirements of u-turn payments while not directly commenting on the pending Standard Chartered vs. DFS case. You be the judge.

Whereas before we were concerned that regulators were focusing more on enforcement than guidance, those worries continue to be upheld. The scary part now is what do you do when a regulator threatens your license using laws they aren’t the subject matter expert on?

They’re the regulator, what they say goes and you must pay to stay in the game. Even scarier.

Why Won’t Regulators Just Tell Us What They Want?

GUEST BLOGGER

Daniel Tannebaum, CFE
Head of Compliance - Americas, Travelex and Chief Compliance Officer, Travelex Currency Services Inc.
New York, NY

When I worked for the U.S. Treasury Department, I almost always began my public remarks with the nine most terrifying words in the English language, “I’m from the government and I’m here to help.” Americans always made light of those remarks from President Reagan in 1988, but when did civil servants stop serving the taxpayer and begin to embody that statement?

For all of my adult life I’ve worked in varying compliance roles with the government, in the private sector, back to the government and then ultimately back to the private sector. In all of that time I’ve faced the same question from multiple perspectives: “Just what are the regulators looking for?”

In my role at the Office of Foreign Assets Control (OFAC) I provided guidance and clarification to the financial services industry on how to best comply with OFAC regulations.

In Summer 2005, the five functional U.S. banking regulators (Federal Reserve, FDIC, OCC, OTS and NCUA) joined forces to release a landmark compliance document. The consolidated Federal Financial Institutions Examination Council (FFIEC) Examination Manual, the so-called “bible” of consolidated supervision guidance, was to serve as a critical piece of any institution’s compliance program as now the regulators were using one uniform examination practice. This document contained the key components of all AML compliance programs, something that previously differed from regulator to regulator.

Sounds great, right?

That wasn’t the entire story. As conversations with regulators continued, it became evident that the examination outline laid out in the manual was essentially the bare minimum that a company could do in order to pass an examination. Many compliance officers asked, “But, how could I not only pass, but excel in an examination?” The response typically given is consistent with what most government employees say, “I’m sorry, I can’t help you with that.”

Speaking from personal experience, when I was a compliance officer at OFAC, my department’s mission was that of guidance and clarification. That same team is now charged with “enforcement and case evaluation.” How, within just five years, can a mission so pure and helpful to American businesses change so harshly?

OFAC isn’t alone, as other regulators have seemingly changed their tone, now honing in on enforcement rather than assistance. As we’ve all seen, fines have grown exponentially in the compliance space over the past five years. We’re at the point now that a $1 billion penalty may not have the same impact that an $80 million fine had in 2005.

So back to my original point, why can’t regulators just share with us how we can run clean businesses? It seems relatively counterintuitive as we all try to ensure that our organizations are stable and are providing good product offerings. Why make the relationship more adversarial than is necessary? As I write this article I’m preparing my company to be examined by one state in the union who has given us conflicting requests for the upcoming examination.

And the cycle continues…

Tannebaum will address these questions and more at during his session, “How to Build an Effective AML/OFAC Compliance Program” at the 23rd Annual ACFE Fraud Conference & Exhibition in Orlando, June 17-22, 2012. Already have some thoughts? Share them in the comment box below.

'One Size Fits All' Approach Doesn’t Work in OFAC Compliance Programs

AUTHOR'S POST

Mandy Moody

ACFE Social Media Specialist

grassnowalkingsign.jpg

Daniel Tannebaum, CFE, Regional Head of Currency Services Compliance - Americas at Travelex and a former compliance officer with the Office of Foreign Assets Control (OFAC), refreshed ACFE Fraud Conference attendees on the importance of complying with OFAC sanctions in the breakout session, “The Most Important Regulation You’ve Never Heard Of.”

What is OFAC?

Economic sanction regulations have existed since 1812. The Office of Foreign Assets Control (OFAC) was first organized in the 1940s, and administers and enforces economic and trade sanctions against target hostile governments, individuals, entities and practices. The office has jurisdiction over American citizens and permanent resident aliens located anywhere in the world, as well as any individual, regardless of citizenship, which is physically located anywhere in the United States. In other words, this small acronym means big compliance issues for businesses potentially (or even mistakenly) interacting, or preferably not interacting, with governments like Cuba, Iran and Libya, terrorists, drug traffickers or businesses involved with proliferating weapons of mass destruction.

“OFAC is not a regulator, but rather an enforcement agency; when they turn up at your office, it’s usually too late,” Tannebaum said. “It is unlike any other regulatory agency in the world. Its sole mission is economic sanctions.”

He compared OFAC to the Bank Secrecy Act (BSA), advising strict liability compliance versus taking a risk-based approach. Federal regulators and compliance professionals like Tannebaum are dedicated to monitoring and avoiding interaction with those businesses and individuals on the Specially Designated Nationals (SDN) and Blocked Persons List, and those part of the regime based sanctions programs.

Read the full article here.