Sanctions Compliance Shortfalls Result in $1B Global Enforcement Action
On April 9, 2019, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the U.S. Department of Justice (“DOJ”), the New York Department of Financial Services (“NYDFS”), the New York County District Attorney’s Office, the Board of Governors of the Federal Reserve System, and the Financial Conduct Authority (“FCA”) in the U.K. announced separate settlements with Standard Chartered Bank (“SCB”), a U.K. multinational bank, resulting in an aggregate of over US$1 billion in fines to resolve potential liability arising from transactions that were processed to or through the United States in violation of Iran, Cuba, Sudan, Syria, and Burma sanctions.
This global enforcement action and major settlement targeting alleged violations of U.S. sanctions by a non-U.S. financial institution is the latest example of the increasing cooperation among enforcement authorities in and outside the United States focusing on alleged financial crimes by multinational corporations. The various orders demonstrate a regulatory emphasis on SCB’s apparent lack of adequate compliance structures to manage the risk of violation of these complex multi-jurisdiction requirements. In addition to fines and revisions to policies and procedures, the various settlements contain provisions whereby regulators preclude individuals involved in the illicit conduct from any direct or indirect future involvement at SCB. This coincides with the DOJ’s announcement that one of SCB’s former employees involved in the alleged misconduct pled guilty in the District of Columbia for conspiring to defraud the United States and to violate the International Emergency Economic Powers Act (“IEEPA”).
Key Facts and Findings:
From June 2009 until June 2014, SCB processed to or through the United States 9,335 United States Dollar (“USD”)-denominated transactions that involved persons or countries subject to comprehensive sanctions programs administered by OFAC. These transactions totaled over US$430,000,000.
The agencies focused their investigations on transactions involving Iran-related accounts maintained by SCB’s Dubai, UAE branches (“SCB Dubai”), including accounts at SCB Dubai held for a number of general trading companies and a petrochemical company. SCB Dubai processed USD-denominated transactions to or through SCB’s branch office in New York or other U.S. financial institutions on behalf of customers that sent payment instructions to SCB Dubai; these customers were physically located in and/or were residents of Iran.
The investigations revealed that a majority of the USD-denominated transactions were transmitted to SCB Dubai through SCB’s fax and online payments system at the Dubai branch. In order to avoid detection by U.S. financial institutions or regulators, employees of SCB Dubai developed “ways to structure financial transactions that would not raise suspicion of an Iran connection” and that involved providing “false and misleading information in order to disguise the Iranian connections.”
In reaching the settlements, regulators focused on SCB’s lack of global compliance controls—and failure to address red flags—that would have prevented transactions with countries embargoed under U.S. law. OFAC’s press release explained that “SCB’s compliance program was inadequate to manage the bank’s risk and suffered from multiple systemic deficiencies, including failure to respond to warning signs in a timely and efficient manner.” OFAC found that despite “multiple supervisory employees and management personnel” being aware of potential access to SCB’s online systems in Iran, the Bank failed to adequately implement controls to block access.
Prosecutors also announced the guilty plea of an anonymous employee of the Bank’s Dubai branch involved in the misconduct. Referred to as Person A in the amended Deferred Prosecution Agreement, the employee pled guilty to conspiring to defraud the United States and to violate the IEEPA. Commenting on prosecuting individuals involved in sanctions violations, U.S. Attorney Jessie K. Liu of the District of Columbia stated: “When bank employees and customers conspire to violate U.S. sanctions and subvert our national security, we will bring them to justice no matter where they reside or operate.”
SCB also agreed with the Federal Reserve and NYDFS to hold accountable individuals involved with the alleged conduct by prohibiting them from any future involvement with the Bank. Specifically, SCB agreed not to retain any individual as an officer, employee, agent, consultant, or contractor who was found to have “participated in the illegal conduct . . . [and] been subject to formal disciplinary action as a result of Standard Chartered’s internal employee accountability review” and who “has either separated from Standard Chartered or has had his or her employment terminated.”
Collectively, SCB agreed to settle multiple alleged violations of the IEEPA, including two felony counts of conspiracy to violate the IEEPA, New York banking laws, and various anti-money laundering (“AML”) regulations. The settlement required that SCB extend its prior Deferred Prosecution Agreement with the DOJ for an additional two years.
As part of the settlement, SCB agreed to adhere to ongoing compliance commitments related to Management, Risk Assessment, Internal Controls, Testing and Audit, Training, and Annual Certification. These compliance commitments are consistent with the “five pillars” of an effective AML and Bank Secrecy Act compliance program, as established by the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”).
The SCB settlement highlights U.S. and U.K. regulators’ continued focus on compliance, and their specific attention to the lapses in internal controls which led to the alleged violations.
The global coordinated effort by state, federal, and non-U.S. enforcement agencies suggests that companies should be prepared to manage simultaneous complex internal investigations addressing complex legal and regulatory requirements in various jurisdictions.
Based on the requirements set forth in the OFAC settlement, both financial and non-financial institutions should examine their compliance programs against FinCEN’s “five pillars” of an effective compliance program.
Where a company has significant lapses in internal controls and ignores red flags, the settlements suggest that regulatory agencies are more likely to conclude that the violations were egregious and/or criminal, significantly increasing the company’s exposure.
Individuals may also face criminal prosecution, no matter where those individuals are located. As part of any internal remedial efforts, companies should take a proactive approach to consider whether individuals should be barred from any future employment with the company. Moreover, employees should be aware that a company-centric settlement could effectively result in a bar on future employment without the due process of a specific enforcement action being brought against the employee.
All companies should instruct senior management to take immediate action to address any red flags suggesting potential involvement with sanctioned jurisdictions.
 The agencies’ announcements and orders are available at: