In recent years, the Financial Crimes Enforcement Network (“FinCEN”) and federal regulators of the financial services industry have more aggressively enforced the Bank Secrecy Act (“BSA”) and the economic sanctions imposed by the US Treasury’s Office of Foreign Assets Control (“OFAC”). While this should in of itself be a matter of particular attention to the directors and officers of those entities in the financial services industry, so too should the recent trend toward increased scrutiny for directors and officers failing to address alleged BSA or OFAC compliance shortfalls. An August 2014 agreement reached by FinCEN and a former casino official permanently barring the official from working in any financial institution drives the point home: When it comes to liability for BSA or OFAC violations, FinCEN and federal regulators might not limit penalties to the entity actually committing violations, and instead, may also penalize the individual directors and officers of those entities.
Even before FinCEN’s August 2014 bar of the casino official, a number of enforcement actions assessed personal monetary penalties against financial institution directors and officers over the past few years. In February 2009, the directors of Sykesville Federal Savings Association were collectively fined $10,500 in non-reimbursable civil money penalties for multiple violations of a consent order to cease and desist. In January 2013, the Office of the Comptroller of the Currency (the “OCC”) levied civil money penalties against five directors and officers of Security Bank for up to $20,000 per person in connection with violations including failure to ensure an effective BSA compliance and suspicious activity reporting (“SAR”) system. In September 2013, the Justice Department charged the CEO of Public Savings Bank with criminal failure to file a SAR and maintain adequate anti-money laundering controls in connection with an $86,400 wire transfer of suspected drug money.
And while most directors and officers are often covered by D&O liability insurance, the Federal Deposit Insurance Corporation (“FDIC”) has taken an increasingly strong position that a financial institution’s insurance policies may not indemnify directors and officers for civil money penalties. In 2011, the FDIC cited several financial institutions for D&O liability insurance policies that covered civil money penalties, and in October 2013 the FDIC published a Financial Institution Letter explicitly prohibiting insured depository institutions or their holding companies from purchasing insurance policies that would indemnify institution-affiliated parties against civil money penalties.
The directors and officers of financial industry participants are ultimately responsible for ensuring that their entities maintain effective BSA/OFAC compliance programs, which must be approved by the board of directors and noted in the board minutes. The intent of FinCEN and the regulators’ increasingly aggressive enforcement tactics are aimed at forcing these executives and directors to prioritize compliance, thereby providing more support to compliance officers. But FinCEN and the regulators should tread carefully, as the approach could have some negative, unintended consequences. For example, qualified personnel might avoid compliance, director or officer positions at financial institutions due to the risk of personal liability, especially due to the prohibition on institution-provided D&O civil money penalty insurance coverage. Also, financial institutions might respond by “de-risking” their activities, terminating or eliminating financial relationships with complete groups of customers or lines of business considered high risk under BSA or OFAC standards. As a result, FinCEN and the regulators should to take a balanced approach to enforcement in the context of personal liability, focusing on knowing or willful, or major and systemic violations, as opposed to honest mistakes, errors in judgment, or minor compliance failures.