By Dawn Causey, Tom Pinder and Andrew DoersamNatasha Taft thought she was just doing her job.
As chief compliance officer for the New York branch of the Agricultural Bank of China, she filed a whistleblower complaint in response to the bank’s refusal to correct BSA violations she discovered: that customer payments over the SWIFT network were using a bank-to-bank format to purportedly hide information regarding the transmitter and recipient. She even sent a memo to the Federal Reserve Bank of New York outlining the bank’s purported violations and sought guidance as to the suspected transactions.
But then, Taft claimed, her supervisors became furious and sought to punish her for exposing the bank’s compliance deficiencies, ultimately leading to her termination. In the end, she was forced to file a whistleblower retaliation lawsuit against the bank.
Taft beat the bank’s motion to dismiss and later settled. The court found that Taft plausibly pled facts to show that she acted independently of the bank because the bank engaged in a concerted effort to stop Taft from raising her concerns.
Certainly Taft went above and beyond to spearhead correcting the compliance violation while still maintaining her integrity along the way. But her story echoes the experience of many chief compliance officers who often find themselves caught between a rock and a hard place when reporting AML/BSA violations.
When CCOs report a possible AML/BSA violation to a regulator, for example, they could face a backlash from their employer. Alternatively, when CCOs recommend compliance fixes that are ignored by management, they themselves can be held liable by regulators for not doing their job.
Take the case of Thomas Haider, former CCO at MoneyGram. In May of this year, Haider agreed to pay $250,000 to settle AML violations with the Financial Crimes Enforcement Network. Haider reluctantly admitted that he failed to conduct adequate audits of MoneyGram’s agents suspected of engaging in fraud and failed to implement a policy for terminating or disciplining agents that presented a high risk of fraud. Haider also agreed to a three-year ban on working for any money transmitter.
Was Haider an ineffective CCO or a compliance scapegoat? By his account, he supported the fraud department’s proposals to terminate and discipline agents, but his recommendations were ignored by the sales division that had the authority to implement the recommendations. MoneyGram’s AML programs were audited by regulators and outside consultants, but none of the reviews flagged any of FinCEN’s findings.
Similarly, the FDIC determined that a former CCO at Banamex USA was liable for failing to discover that the bank processed over 30 million remittance transactions to Mexico worth $8.8 billion, imposing a $70,000 fine and a bank employment ban. Although the FDIC alleged that the CCO exhibited a “continuing disregard for the safety or soundness of the bank” that caused the compliance lapses, it appeared to ignore that the CCO was proactive in making recommendations to senior management regarding the BSA compliance.
The regulators’ untested theories of liability are still up in the air and inconsistent. The Taft case places a high bar for CCOs to avoid liability. One solution would be for regulators to find a pathway to improve their working relationship with CCOs.
After all, CCOs are on the front lines and can stand the heat. But with the unfair burden placed on them by the regulators, who would blame them for getting out of the kitchen?
Dawn Causey is general counsel at ABA, where Thomas Pinder is SVP for litigation and Andrew Doersam is a paralegal.