Learn the compliance lessons from an epic fail in correspondent banking and trade finance
By Kim R. Manchester, Thomson Reuters Accelus contributing author
NEW YORK, July 16 (Thomson Reuters Accelus) – A Settlement Agreement was released in June 2012 by the United States Department of the Treasury regarding the voluntary self-disclosure to the Office of Foreign Assets Control (OFAC) by ING Bank, N.V. (ING Bank), a financial institution registered and organized in the Netherlands. The violations of numerous sanctions programs imposed by the United States against Cuba, Burma, the Sudan, Libya and Iran were determined by the Americans as “egregious.”The total settlement by ING Bank to resolve this matter with the United States is $619,000,000.00, an amount equivalent to 8.5 percent of ING Bank’s net profits in fiscal 2011 or the price of a 32-year stay at Richard Branson’s private 74-acre luxuryCaribbean retreat on Necker Island (at $371,000/week, plus tips).
The bank pledged major changes in the conduct of its business in the areas of policies, software, training and compliance programs, as well as closing offices in certain countries. Although the total cost of such actions has not been made public, it is safe to assume it was an expensive exercise, adding further to the $0.6 billion ING Bank paid to the American government. The total cost of this remarkable failure in correspondent banking and trade-finance risk management will never be known to outsiders.
According to a report from Thomson Reuters, an ING spokesperson stated that “disciplinary actions including terminations and forced early retirement against more than 60 employees” had been undertaken by the bank. American authorities, however, have not yet made public any intentions on prosecuting individual bank employees.
To many market observers, punishing shareholders by reducing profits rather than launching criminal prosecutions of bankers flagrantly violating the law makes a farce of regulatory oversight. Given the recent past and present economic climate, it is likely that this regulatory action will further inflame tempers and push ill-informed politicians into the fray — not the ideal solution to a complex problem.
ING Bank’s expensive settlement was largely a result of “stripping,” the practice of removing or substituting information contained in payment or trade finance instructions in order to prevent association of the transaction with a sanctioned entity – person or corporation – or country.
Payments in U.S. dollars (USD) for international banks operating outside the United States must be handled by a correspondent bank in the United States. Nostro and vostro accounts are debited and credited based on transactional activity between banks based on the currencies involved and the underlying transactions, whether they are related to straightforward payments, international trade or portfolio investment flows.
In this case, the American government spent considerable time examining certain correspondent banking and international trade finance activity of ING Bank, namely:
ING Bank’s operation on the Caribbean island of Curacao would handle settlement instructions for USD payments on behalf of Cuban exporters, but it would not make reference to the Cuban beneficiary; instead, it would use an internal reference number identifiable only to ING Bank in Curacao. For outgoing SWIFT MT103 messages from ING Bank’s Cuban business, field 50 would be not include the name of the Cuban applicant but rather the name of the ING Bank branch handling the payment, or in some cases, the name of the branch itself. [Editor’s Note: A SWIFT payment involves the use of a highly-specialized and secure messaging service to an institution, either in the United States or overseas. It is an acronym for Society for Worldwide Interbank Financial Telecommunications.]
As a result, the payment applicant’s instructions would describe a USD payment, routed through ING Bank’s correspondent bank in the United States with no reference to a Cuban beneficiary, and therefore unlikely to trip automated warnings within the USD correspondent bank’s payments systems.
SWIFT message shopping
ING Bank in Curacao would employ a SWIFT MT202 cover payment message instead of an MT103, as the MT202 would not need to include the originator nor beneficiary information, convenient for when Cuban entities are transacting in USD. SWIFT undoubtedly will be less than pleased finding out their rules were bent to bypass sanctions regulations. An international bank connected to SWIFT can run into significant reputational risk problems if its MT202 cover payments messages require enhanced due diligence by others.
Corporate account nesting
When mitigating the risks of money laundering in correspondent banking activity, one must be careful to ensure one bank does not “nest” its transactional activity in another bank’s regular course of business. In the case of ING Wholesale Banking’s branch in the Netherlands, they nested transactional activity by Cuban companies sanctioned by the United States into corporate account activity by a non-sanctioned corporate entity. They even named this process the use of “a special purpose front office.”
Back-to-unknown letter of credit
A back-to-back or transferable letter of credit is employed by a trading company to prevent the exporter from dealing directly with the importer and cutting out the middle man. In 2003, Bank Tejarat of Iran, the third largest bank in the country, issued a letter of credit for the purchase of an aircraft engine from a firm in the United States. ING Bank’s Romanian branch followed Bank Tejarat’s amendment instructions to scrub the transferable letter of credit of all information related to the Iranian importer and to change the final destination of the goods from Iran to Germany. Both banks knew that if the transaction contained information on the actual purchaser in Iran, the American side would run afoul of economic sanctions.
Judging from the information contained in the Settlement Agreement, it would appear that the advising bank in the United States flagged the transaction and contacted the second issuing bank, ING Bank’s Romanian branch, about further details on the first issuing bank (Bank Tejarat), the importer and final destination. Such flagging could have been an automatic trigger within the advising bank’s AML systems (perhaps due to perceived Romanian country risk levels) or the simple policy of requesting the details of the first transactional leg when processing the second leg of a back-to-back letter of credit.
When an employee of ING Bank’s Romanian branch informed the American advising bank that the first issuing bank was Bank Tejarat of Iran, the transaction was flagged and reported to OFAC.
The techniques noted above all touch upon the techniques of money laundering within correspondent banking and trade-based money laundering, as the proceeds from country sanctions violations routed to the transaction’s beneficiary by mechanisms that disguise origins and lend a veneer of legitimacy to the transaction by financial professionals can be construed as money laundering.
Using the above tactics to evade American law takes time, patience and a coordinated approach by an extensive network of people within a major international financial institution. If large elements of a bank’s sales, operations, risk management and legal counsel act in concert to subvert the country sanctions, the bank’s compliance culture is tragically flawed and prone to place shareholders, directors and unsuspecting employees at risk.
To avoid settlement payments and enforcement agreements whose sum cost rise into the billion-dollar range, international banks must instill a compliance culture within their international trade sales and processing businesses, along with the same within the payments center and the correspondent banking division.
Policies and procedures are delightful documents that often collect physical or digital dust. It is by training staff and opening up the floor to discussion that top-tier international banks instill their compliance culture and substantially lower the risk of implication in a major regulatory event.
(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. <a href=”http://accelus.thomsonreuters.com/solut ions/regulatory-intelligence/compliance- complete/” target=_new”>Compliance Complete</a> provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 230 regulators and exchanges.)
(Kim R. Manchester is the founder and Managing Director of ManchesterCF, a Toronto-based firm that provides financial crime risk management training programs and advisory services to financial institutions and public-sector agencies around the globe.)