The bank was first warned of having BSA/AML program deficiencies back in 2010 but did not remediate them by 2014, when the OCC placed them under a Consent Order. On February 25th, the bank was assessed a $4MM Civil Monetary Penalty by FinCEN and a $2.5MM penalty by the OCC.
The program deficiencies , as per the FinCEN News Release:
Gibraltar’s substantial AML program deficiencies led to its failure to monitor and detect suspicious activity despite red flags. These deficiencies ultimately caused Gibraltar to fail to timely file at least 120 suspicious activity reports (SARs) involving nearly $558 million in transactions occurring during 2009 to 2013. These deficiencies also unreasonably delayed Gibraltar’s SAR reporting regarding accounts related to a $1.2 billion Ponzi scheme led by Florida attorney Scott Rothstein. Timely filed SARs play an important role in law enforcement’s detection of criminal activity. Mr. Rothstein was convicted in 2010 and sentenced to 50 years in federal prison.
“We may never know how that scheme might have been disrupted had Gibraltar more rigorously complied with its obligations under the law. This bank’s failure to implement and maintain an effective AML program exposed its customers, its banking peers, and our financial system to significant abuse,” said FinCEN Director Jennifer Shasky Calvery.
Gibraltar’s transaction monitoring system contained incomplete and inaccurate account opening information and customer risk profiles, which hindered its compliance staff from adequately spotting unusual account activity. Gibraltar also failed to sufficiently address an automated monitoring system that generated an unmanageable number of alerts, including large numbers of false positives, which caused significant delays in Gibraltar’s review. Gibraltar also failed to properly train its compliance staff, and failed to develop and implement an adequate customer identification program.