White Collar & Corporate Investigations Alert
On March 4, 2020, the Financial Crimes Enforcement Network of the U.S. Treasury Department (“FinCEN”) assessed a civil monetary penalty of $450,000 against Michael LaFontaine, the former Chief Operational Risk Officer and Chief Compliance Officer of U.S. Bank National Association (“U.S. Bank” or the “Bank”), for failing to prevent violations of the Bank Secrecy Act (the “BSA”) by the Bank. FinCEN determined that LaFontaine ignored multiple warnings from both subordinates and regulators that U.S. Bank had improperly capped the number of alerts generated by its automated transaction monitoring system and failed to sufficiently staff the Bank’s anti-money laundering (“AML”) compliance function. The consent agreement between FinCEN and LaFontaine was executed two years after enforcement actions by multiple government agencies culminated in penalties against the Bank totaling $613 million arising out of charges that the Bank failed to maintain an effective AML program and report suspicious transactions.
FinCEN set the stage for its assessment against LaFontaine by specifically referring to the OCC’s and FinCEN’s 2010 regulatory actions against Wachovia Bank for conduct similar to the activities underlying U.S. Bank’s AML violations. Because of an insufficient number of compliance personnel to review alerts, Wachovia Bank had capped the number of alerts generated by its transaction monitoring system. FinCEN noted that LaFontaine should have recognized the relevance of the Wachovia action to U.S. Bank’s practices, or at least conducted additional diligence to make an appropriate determination of the applicability of the Wachovia case.
The LaFontaine enforcement action is reminiscent of the $250,000 settlement among Thomas Haider—the former Chief Compliance Officer of MoneyGram International Inc. (“MoneyGram”)—FinCEN, and the U.S. Attorney’s Office for the Southern District of New York in 2017. Haider also agreed to a three-year injunction that prohibited him from performing a compliance function for any money transmitter. In holding Haider personally liable in connection with MoneyGram’s AML violations, the order of settlement highlights his failure to exercise his authority to maintain an effective AML program in light of concerns raised by subordinates.
In contrast, FinCEN did not take enforcement action against an AML officer in the 2016 In re Sparks Nugget, Inc. matter, where it assessed a $1 million penalty against the casino Sparks Nugget, Inc. for, inter alia, its failure to file suspicious activity reports (“SARs”) and currency transaction reports. FinCEN’s assessment against the casino specifically noted that its AML officer had documented her concerns regarding the firm’s failures, filed written complaints regarding deficient resources, was directed by her managers to stop speaking with the AML examiner, and was otherwise disregarded by the company.
Between 2005 and 2014, LaFontaine held senior positions within the Bank’s AML hierarchy. He worked as the Chief Compliance Officer (“CCO”) starting in 2005, was promoted to Senior Vice President and Deputy Risk Officer in 2010, and subsequently was promoted to Executive Vice President and Chief Operational Risk Officer in 2012. As Chief Operational Risk Officer, LaFontaine oversaw U.S. Bank’s AML compliance department and supervised the Bank’s CCO, AML Officer (“AMLO”), and AML staff.
Although the Bank’s internal security systems monitored transaction data and generated alerts for potentially suspicious activity, during LaFontaine’s tenure caps were imposed on the number of alerts its systems would generate. Further, FinCEN characterized the hiring of approximately 30 AML investigators as “woefully inadequate.” Despite having 22 different monitoring queries in place, the number of alerts generated by the six queries that usually produced the greatest volumes of alerts was limited. FinCEN noted that many high-risk transactions therefore failed to prompt alerts.
LaFontaine was advised of these issues repeatedly by two different AMLOs during 2009 and 2010, as well as in late 2012 and 2013. Despite the numerous concerns raised, LaFontaine failed to remedy these deficiencies. LaFontaine’s inaction continued until the AMLO bypassed him to report the alert cap problems to the Bank’s Chief Risk Officer in May 2014.
The LaFontaine case is the latest enforcement action that demonstrates that, where AML officers ignore and fail to remediate known AML issues at their financial institutions, the U.S. government will not hesitate to hold them personally liable. It highlights the importance of AML compliance personnel heeding concerns raised by subordinates and regulators, exercising authority to remediate problems, and resolving staffing and resource limitations. Compliance personnel would be well-advised to carefully document efforts to assess, avoid, and reduce AML risks, and to remediate known issues.
 In February 2018, U.S. Bank was assessed a $75 million penalty pursuant to a consent order issued by the Office of the Comptroller of the Currency (“OCC”) and a $15 million penalty pursuant to an order issued by the Board of Governors of the Federal Reserve System, and it was required to pay $453 million ($528 million less the amount paid to the OCC) pursuant to a deferred prosecution agreement with the U.S. Department of Justice (“DOJ”) and $70 million pursuant to a settlement agreement with the U.S. Department of the Treasury (the “Settlement Agreement”). (FinCEN assessed a $185 million penalty against U.S. Bank, which was deemed satisfied by U.S. Bank’s payment of $70 million to the Treasury Department and its payment under the DOJ deferred prosecution agreement.)
The OCC entered into a consent order with Wachovia Bank for “recklessly engag[ing] in unsafe or unsound banking practices and violat[ing] . . . Bank Secrecy Act regulations.” FinCEN also imposed an assessment of $110 million on Wachovia Bank for “fail[ing] to adequately staff the BSA compliance function,” and employing “as few as three individuals” to monitor all of Wachovia’s “correspondent relationships with foreign financial institutions.”
 MoneyGram had entered into a deferred prosecution agreement with the DOJ in 2012 for its facilitation of fraudulently induced transactions, as well as its obfuscation of the worldwide movement of fraud proceeds.
 See also, e.g., FINRA v. Brown Brothers Harriman & Co and Harold A. Crawford (imposing a $25,000 fine on AML compliance officer Harold Crawford in 2014, alongside the company’s $8 million fine for AML lapses in failing to properly monitor and report transactions that appeared to provide anonymity to parties trading in penny stocks); United States v. George Martin (2017 deferred prosecution agreement with Rabobank’s AML compliance manager George Martin, finding that he had helped to create violative exceptions to the bank’s suspicious activity transaction monitoring process).