1. Inside the Investigation & Prosecution of AML/BSA and Sanctions: FinCEN and the Bank Regulators. Travis P. Nelson New York, NY / Princeton, NJ (212) 549-0236 / (609) 524-2038 tnelson@reedsmith.com

2. Overview Overview of Key BSA/AML Compliance Issues. Supervisory Goals and Approaches. Examples of Recent Enforcement Actions. Maintaining a Culture of Compliance. Dealing with Examinations/Investigations. What to Do and Not Do When the Gov’t Comes Calling.

3. Overview of Key BSA/AML Compliance Issues Introduction. Nobody is above AML investigation and prosecution. Examples… Currency Transaction Reports. Suspicious Activity Reports (SARs). Basic requirements. Confidentiality of SARs. Challenges to confidentiality.

4. Supervisory Goals and Approaches Who’s who? Prudential regulators (Federal and State); FinCEN. OCC. Jurisdictional authority: National banks, federal savings associations, and their directors, officers, employees, and third-party relationships. Key focus areas for OCC supervision and enforcement: Heightened focus on BSA/AML compliance built into examinations. Consideration of AML compliance as part of oversight of third-party relationships. Adequate resources for BSA/AML compliance. Institutional accountability for BSA/AML compliance failures. More aggressive enforcement as a deterrent.

5. Supervisory Goals and Approaches OCC. Challenges facing banks in BSA/AML compliance. Growing sophistication of bad actors. Statutory and regulatory framework needs improvement. Rapidly evolving technology creates new avenues for money laundering.

6. Supervisory Goals and Approaches FinCEN. Jurisdictional authority: Financial institutions (banks, mortgage lenders, casinos, etc.), and their directors, officers, and employees. By the numbers. 55,000 electronically filed BSA reports from more than 80,000 financial institutions each day. This info is available to 9,000 law enforcement and regulatory users through the FinCEN Query database, who run approximately 30,000 searches each day.

7. Supervisory Goals and Approaches FinCEN. Enforcement considerations. Transparency: Enforcement actions should reflect the supervisory goal. Accountability: Admission of liability rather than “neither admit or deny.” Credit where credit is due: Acknowledge remedial efforts – but don’t rely on that alone. Recidivism: Dealing with repeat offenders. Individual Accountability: Who knew what and when? Remedial Framework: Focus on systemic remediation, not just CMPs. Creating a culture of compliance. “Compliance should not be compromised by revenue interests.” – FiNCEN Advisory (Aug. 11, 2014).

8. Supervisory Goals and Approaches NYDFS. Jurisdictional authority: All banks, mortgage lenders, and foreign branches chartered under New York law. Former Superintendent Benjamin Lawsky speech at Columbia Law School (Feb. 15, 2015): “We need more individual accountability after misconduct occurs to help produce real deterrence.” Two key problems with AML monitoring: DFS: “Inadequate or defective design, or programming of the monitoring and filtering systems, faulty data input, or a failure to regularly update these detection scenarios, which may be attributed to lack of sophistication, knowledge, expertise, or attention by the management and/or employees.” DFS: “Willful blindness or intentional malfeasance by bank management, or employees – who, for example, turn down the sensitivity of the filters so the systems do not generate enough alerts and therefore suspicious transactions go undetected.”

9. Examples of Recent Enforcement Actions OCC. First National Community Bank of Dunmore, PA (Feb. 2015). Joint OCC/FinCEN action. Related to Pennsylvania judicial scandal – “kids for cash.” Bank insiders ignored red flags of criminality. $1.5 million CMP. FinCEN. Trump Taj Mahal Casino (March 2015). Failure to maintain an effective AML program; failed to report suspicious transactions; failed to property file CTRs; failed to maintain appropriate records; “Long history” of prior violations, including prior CMPs; had notice of current violations since 2010 and 2012 examinations. $10 million CMP. Tinian Dynasty Hotel & Casino (June 2015). No BSA compliance officer; no AML policies and procedures; no BSA training as to monitoring or recordkeeping; failed to file SARs and CTRs; employees advised undercover agents on how to structure transactions. $75 million CMP. King Mail & Wireless and its Owners (June 2015). Failed to maintain AML program; engaged in high-risk money transfers (Yemen) without proper records or due diligence; conducted transactions with high dollar amounts with no apparent business purpose. $12 CMP and owners were banned from the U.S. financial industry.

10. Examples of Recent Enforcement Actions FinCEN. Desert Palace (Sept. 2015). “Willful and repeated violations of the Bank Secrecy Act” – failed to adequately monitor transactions for suspicious activity. $8 million CMP; agreed to conduct periodic external audits and independent testing of its AML compliance program, report to FinCEN on mandated improvements, adopt a rigorous training regime, and engage in a “look-back” for suspicious transactions. Bank of Mingo of Williamson, West Virginia (June 2015). Willful violations of BSA; serviced high-risk customers without effectively monitoring their accounts for suspicious activity. $4.5 million CMP; joint action with FDIC, USAO (Southern Dist. of WV).

11. Examples of Recent Enforcement Actions NYDFS. June 2014 enforcement action against a multi-national financial institution. Engaged in schemes to evade detection, senior staff concealed more than $190 million in transactions with blocked nations. Required to pay billions in penalties to federal and state regulators, and suspend a profitable business line related to the misconduct. Required the engagement of an independent compliance monitor for BSA/AML compliance. NYDFS directed 13 staff terminated, 45 received some form of discipline. DFS: "[Bank] employees – with the knowledge of multiple senior executives – engaged in a long- standing scheme that illegally funneled money to countries involved in terrorism and genocide. As a civil regulator, we are taking action today not only to penalize the bank, but also expose and sanction individual [Bank] employees for wrongdoing. In order to deter future offenses, it is important to remember that banks do not commit misconduct – bankers do."

12. Examples of Recent Enforcement Actions NYDFS. November 2014 enforcement action against a foreign financial institution operating in New York State. NYDFS Allegations: Bank mislead regulators regarding its transactions with sanctioned countries; pressured third party consultant to remove key warnings to the regulators in a report submitted to the DFS. Action taken against individual employees. DFS: "[Bank] employees pressured [auditors] into watering down a supposedly objective report on the Bank's dealings with Iran and other sanctioned countries, thereby misleading regulators. It is clear that we – as a regulatory community – must work aggressively to reform the cozy relationship between banks and consultants, which far too often has resulted in shoddy work that sweeps wrongdoing under the rug." ​

13. Maintaining a Culture of Compliance Maintain effective compliance policies. Documentation; risk-based. Conduct employee training and audit the training. Training that is appropriate for the employee’s role; retain evidence of training. Internal audit function should be independent of line of business functions. Gap analysis and timely remediation. Evaluate and address consumer complaints. Sources of complaints; examiner expectations. Risk management program should extend to third- party service providers.

14. Dealing with Regulatory Examinations/Investigations Designate a central point of contact to coordinate examination matters and deliver requested information – the “Examination Manager”. Examination manager is the chief liaison with agency examiners. Designate a management official who can provide an overview of the institution’s operations and can direct operational units under exam review. Should include someone from the IT function and the head of the BSA compliance function. Make sure that the examiners’ requests are promptly and properly met. Is the deliverable in the proper format? Does it convey your message – the right message? What about privileged material? Drafts? Have a plan for responding to requests for privileged material Consult outside regulatory counsel Clearly document minutes of meetings and forward to regulatory counsel

15. What to do and not do when the gov’t comes calling! Know the rules: Must be familiar with the examination policies and informal guidelines of the regulators Involve counsel immediately: Comments in meetings or supervisory correspondence. Protection of privilege and document control Review comparable enforcement actions: What remedies have the regulators sought in the past? Consider corrective action Do not overreact: Sometimes more regulators/enforcement counsel are brought than are necessary – Shock and Awe! Know the players: Learn the relative authority and roles of the supervisory staff The examiners do not just “go away” – remember their unique role

16. Travis P. Nelson Co-Chair, Reed Smith Anti-Money Laundering and Trade Sanctions Group Member of the Financial Industry Group and Financial Services Regulatory Group Former Enforcement Counsel with the Office of the Comptroller of the Currency, U.S. Treasury Department, Washington, D.C. Focuses his practice on financial services regulation, enforcement defense, internal investigations, and litigation matters Represents clients before federal law enforcement and regulatory agencies, including the OCC, FRB, FDIC, CFPB, and HUD, as well as various state authorities across the country, including the New York Department of Financial Services Adjunct faculty teaching Regulation of Financial Institutions at Villanova University School of Law Editor-in-Chief of the ABA’s Banking Law Committee Journal Editor of the Reed Smith Financial Services blog – www.financialregulatoryreport.com www.financialregulatoryreport.com tnelson@reedsmith.com +1 212 549 0236 New York, NY +1 609 524 2038 Princeton, NJ