Standard Chartered’s AML lapses provide crucial lessons on internal controls

September 9, 2014

By Julie DiMauro, Compliance Complete

NEW YORK, Sept. 9 (Thomson Reuters Accelus) – Standard Chartered Bank’s $300 million penalty from the New York Department of Financial Services (NYDFS) for compliance failings last month highlights the importance of having effective transaction monitoring procedures to meet regulatory requirements, particularly those pertaining to high-risk clients. But what are these transaction monitoring requirements, and who is a high-risk client?

Under the terms of the order with NYDFS, London-based Standard Chartered has to suspend the processing of U.S.-dollar transactions for certain high-risk retail business clients in Hong Kong and the United Arab Emirates until its transaction monitoring program is enhanced. The settlement comes two years after the bank agreed to pay $667 million to a variety of U.S. regulators to resolve allegations of sanctions violations concerning transactions linked to Iran.

The regulator did not disclose what it meant by “high risk,” but it said that a monitor appointed in 2012 uncovered shortcomings in the bank’s surveillance systems that caused a “significant number of potentially high-risk transactions” to go undetected, leading to the August enforcement action.

A significant number of the potentially high-risk transactions that StanChart’s monitoring systems failed to detect originated from its Hong Kong unit and branches in the United Arab Emirates, according to NYDFS’s statement announcing the recent settlement.

The consent order between the NYDFS and the bank reflected a failure by the New York branch to meet all of the transaction monitoring requirements imposed by U.S. authorities and the international standards set by the Financial Action Task Force (FATF).

Transaction-monitoring requirements

The Bank Secrecy Act (BSA) requires U.S. financial institutions to assist U.S. government agencies in detecting and preventing money laundering. Specifically, the Act requires financial institutions to keep records of cash purchases of negotiable instruments, to file reports of cash transactions exceeding $10,000 (daily aggregate amount), and to report suspicious activity that might signify money laundering, tax evasion or other criminal activities.

The BSA regulations require all financial institutions to monitor suspicious activity and issue reports on their ongoing monitoring.

Examiners that are assigned to evaluate the effectiveness of a bank’s transaction monitoring system review its currency-activity reports, significant balance change reports, funds transfer reports, monetary instruments sales reports, large item reports, insufficient funds reports, and non-resident alien reports.

Examiners want to make sure these reports are capturing all of the areas that pose money laundering and terrorist-financing risks, commensurate to the bank’s overall risk profile (product line, customers, geographic locations and changes to same after a merger or acquisition, etc.).

The company’s systems must be independently tested for accuracy, use reasonable filtering criteria and generate monitoring reports that identify unusual activity.

These transaction monitoring systems are only as good as their accuracy, and they are only of use as long as they are actually being used.

Managing alerts

The bank has to have the policies, procedures and processes to ensure the timely generation of, review of and response to reports used to identify unusual activities.

Questions that compliance professionals should bear in mind include:

  1. Are your policies and procedures for referring unusual activity shared promptly with the personnel or department responsible for its evaluation?
  2. Is your staffing level sufficient to handle the review of reports and alerts and the further investigation that they can require? Staffing must be suited to the bank’s risk level, not to its staffing level.
  3. Are you going beyond the first level of review to do your customer due diligence? Some of Standard Chartered’s customers were conducting money transfers using expired identification documents, highlighting the bank’s failure to go beyond checking boxes on a checklist on customer identification processes.
  4. Are suspicious activity reports (SARs) created after taking into account all of the available customer due diligence and enhanced due diligence information that was performed on flagged customers?
  5. Are you documenting every stage of compliance to show to both the regulators and your corporate board of directors that all relevant AML/KYC obligations have been understood, acted on and complied with as part of your procedures? This should include any decisions not to file a SAR and be done at regular intervals.
  6. Do you have procedures for escalating issues identified as a result of repeated SAR filings on accounts and policies on closing accounts as a result of certain suspicious activity or patterns of it?
  7. Are you making periodic (at least once a year) reports to the board of directors or an appropriate committee about your SAR reporting and general transaction monitoring processes, results and testing procedures — and your updates of them?
  8. Are your independent audits being tested for quality and accuracy, and are they, as well as your own transaction monitoring results, sufficient to meet any previous examination concerns?
  9. Are you testing your employees and business partners on their knowledge of how to use these monitoring systems and to report suspicious activity on the part of customers? And do they know how to report any misconduct they witness within the firm or among its business partners when it comes to transaction and customer monitoring?

Regulators are watching

Standard Chartered, in being a repeat offender in terms of money laundering surveillance deficiencies, has the dubious distinction of having the same monitor as the one that flagged the issue in 2012 continue her review of the bank.

Given the bank’s announcement in June that it expected its profit to fall in 2014 for the second straight year, it cannot afford not to get its AML protocols completely refurbished.

Moreover, U.S. regulators have shown no restraint in going after banks — either European or U.S.-based — for AML failures or the breach of economic sanctions, so there is little likelihood that this trend will suddenly reverse. BNP Paribas SA’s $8.9 billion settlement may be the largest so far, but Standard Chartered has to prove it will finally implement the corrective action that will protect its bottom line, international reputation and senior leadership’s jobs.

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Accelus compliance news on Twitter: @GRC_Accelus)
