NY DFS updates


Bank and Its Affiliates Conducted Billions of Dollars in Illegal and Non-Transparent Payment Transactions to Countries Subject to Embargoes and Other Sanctions, Including Iran, Libya, Myanmar and Sudan

DFS Fine Part of $1.3 Billion Global Settlement Concluded with Manhattan District Attorney, Department of Justice, Department of Treasury, and the New York Branch of the Federal Reserve

Acting Financial Services Superintendent Linda A. Lacewell today announced that the New York Department of Financial Services (DFS) has fined UniCredit Group $405 million for violations of sanctions laws that involved billions of dollars in illegal and non-transparent transactions to clients in countries subject to sanctions, including Cuba, Iran, Libya, Myanmar and Sudan.  The $1.3 billion global settlement announced today was reached in conjunction with the Manhattan District Attorney, the U.S. Department of Justice, the U.S. Treasury Department, and the New York branch of the Federal Reserve Bank and stems from an investigation of the companies’ U.S. dollar payment transactions between 2002 and 2011.  Under today’s settlement, UniCredit Group will submit a compliance program, acceptable to DFS, to comply with U.S. and New York sanctions laws and regulations.

“UniCredit prioritized profit over compliance and security by deliberately engaging in billions of dollars of transactions with clients from sanctioned nations, including Iran, Libya, and Cuba, and then working to cover their tracks to avoid detection,” said Acting Superintendent Lacewell.  “Sanctions against dangerous foreign regimes and terrorist groups are critical to protect national security and uphold the integrity of our global financial system, and DFS will hold violators accountable to the fullest extent of the law.”

UniCredit AG Violations

In 2004, UniCredit AG implemented an automated transaction filtering tool, known as the “Embargo Tool,” to identify transactions containing information relevant to the Office of Foreign Assets Control (OFAC), indicating a connection to a person or entity prohibited by U.S. sanctions or OFAC’s Specially Designated Nationals list. However, at the time the companies implemented the Embargo Tool, the Core Compliance Team established detailed instructions for intentionally circumventing the tool for transactions prohibited by OFAC, in order to avoid inconveniencing bank customers. The instructional guide directed bank employees to violate New York law by submitting certain payment orders in what was euphemistically known as an “OFAC-neutral” manner, meaning without the involvement of U.S. banks or ensuring that the information implicating OFAC sanctions was not revealed in the payment messages sent to U.S. banks. 

The DFS investigation found that UniCredit AG conducted approximately 2,570 non-transparent U.S. dollar payment transactions, totaling approximately $5.4 billion, sent by UniCredit AG through the U.S banking system between 2002 and 2011.  DFS also found that between 2002 and 2011, UniCredit AG sent approximately 300 U.S. dollar payments (totaling approximately $61.5 million) through the U.S. banking system that were prohibited by OFAC and involved the use of non-transparent payment messaging. DFS also identified an additional 667 U.S. dollar payment transactions that were illegal under federal law, totaling approximately $660 million and sent by UniCredit AG through the U.S. banking system between 2002 and 2011, including some transmitted through financial institutions regulated by DFS.  These payments violated federal sanctions law applicable to countries such as Iran, Libya and Cuba.

The bank used non-transparent methods that included “cover payments” and “wire stripping,” with some transmitted through financial institutions regulated by DFS.  Under the cover payment method, the bank used Society of Worldwide Interbank Financial Telecommunications (SWIFT) payment messages to disguise transactions. The first SWIFT message, known as an MT103, included all details about the transaction, and UniCredit AG would send it directly to the prohibited beneficiary’s bank.  UniCredit AG would then send a second message, known as an MT202 or “cover payment” message, to the U.S. financial institution in New York that was clearing the U.S. dollar payment.   The “cover payment” message intentionally omitted details about the underlying parties to the transaction and was sent for the transaction to be settled in U.S. dollars.

UniCredit AG also used another deceptive practice known as “wire stripping,” which involved bank employees deliberately removing information identifying potentially sanctioned entities from payment messages and instructions to ensure customer payments were not impeded by sanctions prohibitions. For example, the Core Compliance Team instructed other employees to strip words such as “Sudan,” Myanmar” and “Tehran,” noting in one instance that such terms “should be deleted because of the US embargo against Iran.”

UniCredit AG maintained accounts and processed U.S. dollar payments on behalf of customers affiliated with the Islamic Republic of Iran Shipping Line (IRISL), despite sanctions prohibiting such activity. By sending approximately 1,319 OFAC-prohibited U.S. dollar payments, totaling nearly $75 million, through the U.S. financial system between 2004 and 2011, UniCredit AG assisted IRISL and IRISL-affiliated customers in accessing the U.S. financial system.

UniCredit S.p.A. Violations

DFS’s investigation also determined that UniCredit S.p.A. conducted approximately 957 U.S. dollar transactions, valued at $79.5 million, in violation of U.S. sanctions laws and regulations. 

In January 2007, OFAC designated Bank Sepah as a specially designated national, or “SDN”, which made it a prohibited entity, due to Bank Sepah’s role in developing Iran’s nuclear program.  At about the same time, Bank Sepah was designated as an entity subject to U.N. and E.U. sanctions laws as well.  In October 2007, UniCredit S.p.A. opened an account at the request of and under the control of the Italian government, for the purpose of holding and disbursing frozen funds belonging to Bank Sepah. 

In addition, UniCredit S.p.A. purposefully conducted illegal payments involving Cuban entities.  Nearly 60 percent of UniCredit S.p.A.’s impermissible transactions violated long-standing U.S. sanctions against Cuba.  Many of these transactions involved payments made pursuant to letters of credit related to the shipment of goods to Cuba from various locations worldwide.  These transactions spanned from at least 2003 through 2012, and the value for outbound payments during this time exceeded $50 million.  UniCredit S.p.A. also conducted payments that violated U.S. sanctions regarding Myanmar.  Intentionally deceptive methods enabled UniCredit S.p.A. to make more than $4 million in payments in violation of the sanctions against Myanmar between 2003 and 2012.

UniCredit Bank Austria Violations

DFS’s investigation found that UniCredit Bank Austria (UniCredit BA) carried out approximately 330 impermissible U.S. dollar transactions, valued at approximately $118 million, and conducted nearly 2,500 non-transparent U.S. dollar payments, totaling approximately $3.9 billion between 2004 and 2012. Like its affiliates, UniCredit BA used altered or non-transparent payment messages to process millions of dollars of transactions through U.S. financial institutions on behalf of customers who were subject to U.S. economic sanctions.  In 1999, UniCredit BA created its own written policy which instructed UniCredit BA employees how to handle payment processing involving countries that were affected by U.S. sanctions. However, the written policy also directed employees to use non-transparent methods when executing U.S. dollar transactions implicating U.S. sanctions, in order to hide the true nature of those payments.

UniCredit BA employed non-transparent payment messages involving Iranian parties.  Between May 2008 and 2012, UniCredit BA executed U.S. dollar payments involving goods transmitted through ports in Iran, executing 153 payments, totaling approximately $102 million, in direct violation of the laws and regulations of the U.S. and State of New York.

Sanctions Compliance Program

Under the settlement announced today, UniCredit S.p.A. will submit to DFS an acceptable OFAC compliance program, including a timetable for implementation, to ensure compliance with applicable OFAC regulations and New York laws and regulations by UniCredit Group’s global business lines. The program must include the following measures, among others:

  • An annual assessment of OFAC compliance risks arising from the global business activities and customer base of UniCredit Group’s subsidiaries, including risks arising from transaction processing and trade finance activities conducted by or through UniCredit Group’s global operations;

  • Policies and procedures to ensure compliance with applicable OFAC Regulations by UniCredit Group’s global business lines, including screening with respect to transaction processing and trade financing activities for the direct and indirect customers of UniCredit Group subsidiaries;

  • The establishment of an OFAC compliance reporting system that is widely publicized within the global organization and integrated into UniCredit Group’s other reporting systems in which employees report known or suspected violations of OFAC Regulations, and that includes a process designed to ensure that known or suspected OFAC violations are promptly escalated to appropriate compliance personnel for appropriate resolution and reporting;

  • Procedures to ensure that the OFAC compliance elements are adequately staffed and funded; and

  • Training for UniCredit Group’s employees in OFAC-related issues appropriate to the employee’s job responsibilities that is provided on an ongoing, periodic basis.

  • An audit program designed to test compliance with OFAC regulations.

DFS recognizes the bank’s substantial cooperation with the investigation and will ensure the bank upholds its pledge to rectify these matters.


NY DFS Press Release

Consent Order

Settlement Agreement between the U.S. Department of the Treasury’s Office of Foreign Assets Control and Société Générale S.A.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) today announced a $53,966,916.05 settlement with Société Générale S.A. to settle potential civil liability for apparent violations of U.S. sanctions.  The settlement resolves OFAC’s investigation into Société Générale S.A.’s processing of transactions to or through the United States or U.S. financial institutions in a manner that removed, omitted, obscured, or otherwise failed to include references to OFAC-sanctioned parties in the information sent to U.S. financial institutions that were involved in the transactions.  Société Générale S.A. processed 1,077 transactions totaling $5,560,452,994.36 in apparent violation of the Cuban Assets Control Regulations, 31 C.F.R. part 515; the Iranian Transactions and Sanctions Regulations, 31 C.F.R. part 560; and the Sudanese Sanctions Regulations, 31 C.F.R. part 538.  This settlement with OFAC is part of a global settlement among Société Générale S.A., OFAC, the Board of Governors of the Federal Reserve System, the U.S. Department of Justice, the New York County District Attorney’s Office, the U.S. Attorney for the Southern District of New York, and the New York State Department of Financial Services.

The settlement agreement is fascinating – there was a process of stripping incriminating details from payments over a long period of time (from 2003 until 2012). And SocGen had created procedures on how to do it – like a number of other banks who have had enforcement actions for similar actions.

OFAC found that this was an egregious case of violations, which were not voluntarily self-disclosed. The base penalty amount was $101,630,490.80.

And here is how OFAC’s thinking got that penalty down to the almost $54 million:

The settlement amount reflects OFAC’s consideration of the following facts and circumstances, pursuant to the General Factors Affecting Administrative Action under OFAC’s Economic Sanctions Enforcement Guidelines, 31 C.F.R. Part 501, app. A. OFAC found the following to be aggravating factors:

 Société Générale S.A. had indications that its conduct might constitute a violation of U.S. law, and certain Société Générale S.A. employees demonstrated awareness that Société Générale S.A.’s conduct constituted a violation of U.S. law before and at the time the Apparent Violations took place;

 Société Générale S.A. exercised a reckless disregard for U.S. sanctions requirements when it demonstrated a pattern or practice across multiple bank units and business lines of processing transactions to or through U.S. financial institutions after removing, omitting, obscuring, or otherwise failing to include the involvement of OFAC-sanctioned parties in associated payment instructions, which apparently continued practices set out in stripping instructions that the bank drafted, disseminated, and revoked prior to 2007;

 Société Générale S.A. ignored warning signs that its conduct could have constituted an apparent violation of U.S. sanctions laws on numerous occasions, including on numerous occasions when U.S. financial institutions rejected payment instructions containing references to OFAC-sanctioned parties, and when bank employees read OFAC’s enforcement actions and discussed the similarities between the conduct in those enforcement actions and Société Générale S.A.’s payment practices;

 Numerous Société Générale S.A. employees and members of the bank’s management across multiple business lines and bank locations had actual knowledge of the conduct that led to the Apparent Violations;

 Société Générale S.A.’s conduct conferred significant economic benefit to persons subject to U.S. sanctions and undermined the integrity and policy objectives of multiple U.S. sanctions programs; and

 Société Générale S.A. is a large and commercially sophisticated financial institution. 

OFAC found the following to be mitigating factors:

 Société Générale S.A. has not received a Penalty Notice or Finding of Violation from OFAC in the five years preceding the date of the earliest transaction giving rise to the Apparent Violations;

 Société Générale S.A. cooperated with OFAC’s investigation of the Apparent Violations by conducting an internal investigation, responding to multiple requests for information in a timely manner, and executing a statute of limitations tolling agreement with multiple extensions; and

 Société Générale S.A. took remedial action in response to the apparent violations described above:

o Société Générale S.A has terminated the conduct outlined above and has established, and agrees to maintain, policies and procedures that prohibit, and are designed to minimize the risk of the recurrence of, similar conduct in the future.

o Société Générale S.A has created a centralized sanctions compliance function, implemented key enhancements at the group level, and implemented enhancements within the business lines that were subject to the review.

o Société Générale S.A has increased the number of personnel within compliance staffing, and SG’s total budget for sanctions compliance has also increased.

o Société Générale S.A has implemented a more comprehensive training regime for employees across the group and various business lines, including a group-wide general training program. Group Sanctions Compliance has also developed targeted, in-person training for employees with a higher risk of exposure to sanctions-related transactions.

And the fine from the NY Department of Financial Services (NY DFS) is much larger – $325MM. Here’s their press release, which also includes the fact that they had BSA/AML failures that drew a fine, too:


Bank Fined $325 Million for Executing Billions of Dollars in Illegal and Non-Transparent Transactions to Iran, Sudan, Cuba and Libya from 2003 to 2013

Additionally, Bank to Pay $95 Million for Anti-Money Laundering Laws and Compliance Deficiencies

Bank Must Take Corrective Actions to Improve Oversight and Compliance with Sanctions Laws, and Hire Independent Consultant to Evaluate Implementation of Remedial Steps in New York Branch’s Operations

Financial Services Superintendent Maria T. Vullo today announced that the Department of Financial Services (DFS) has entered into two consent orders with Société Générale SA and its New York branch under which the bank will pay fines totaling $420 million for violations of laws governing economic sanctions and New York anti-money laundering laws.  A DFS investigation found that the bank executed billions of dollars in illegal and non-transparent transactions to parties in countries subject to embargoes or otherwise sanctioned by the United States, including Iran, Sudan, Cuba and Libya, and its New York branch violated New York Anti-Money Laundering (AML) and recordkeeping laws in the New York branch’s operations.  In addition, the bank and the New York branch violated provisions of the banks’ 2009 agreement with DFS to implement and maintain an effective Bank Secrecy Act/Anti-Money Laundering Law (BSA/AML) compliance program and transaction monitoring system.  Société Générale will pay DFS $325 million for sanctions violations and $95 million for the BSA/AML violations.

“The absence of an effective, global sanctions-compliance infrastructure and lack of management oversight allowed Société Générale employees to ignore the scope and applicability of laws governing economic sanctions, as well as New York anti-money laundering and recordkeeping laws,” said Superintendent Vullo.  “With these consent orders, DFS is holding Société Générale accountable for complying with U.S. and New York anti-terrorism and anti-money laundering laws and ensuring its vigilance against illicit activity. The Department appreciates the bank’s cooperation in resolving these matters and commitment to full remediation of its compliance deficiencies.”

Sanctions Violations

A DFS investigation found that from 2003 to 2013 Société Générale failed to take sufficient steps to ensure compliance with U.S. sanctions laws and regulations in a timely manner.  Individuals responsible for originating U.S. dollar transactions outside of the U.S. had a minimal understanding of U.S. sanctions laws and regulations as they related to Sudan, Iran, Cuba, North Korea, or other U.S. sanctions targets. DFS conducted its investigation in conjunction with the Department of Justice, the Manhattan District Attorney, the Federal Reserve Board, and the Office of Foreign Assets Control (OFAC), which are also announcing resolutions for sanctions violations today.
During the review period, Société Générale executed, in an improper, non-transparent manner, more than 9,000 outbound U.S. dollar payments, valued at over $13 billion.  More than $12.5 billion of these non-transparent payments involved Iran, nearly $130 million were connected to Cuba, and approximately $29 million were tied to Sudan.

In violation of applicable laws governing economic sanctions, Société Générale executed more than 2,600 outbound U.S. dollar payments, valued at approximately $8.3 billion, during the review period.  Nearly $7.7 billion of these impermissible transactions related to the bank’s Cuban credit facilities, approximately $333 million implicated sanctions against Sudan, and nearly $140 million involved sanctions against Iran.  The remaining impermissible payments were made in violation of sanctions against Libya (approximately $145 million), Myanmar (approximately $14 million) and North Korea ($500,000).


Many of the payments to Iran were so-called “U-Turn payments,” which were allowable under laws governing economic sanctions until November 2008. Under the exception, U.S. financial institutions were authorized to process certain funds transfers for the direct or indirect benefit of Iranian banks, other persons in Iran, and the government of Iran, provided that such payments were initiated offshore by a non-Iranian, non-U.S. financial institution and only passed through the U.S. financial system en route to another offshore, non-Iranian, non-U.S. financial institution.  However, executing compliant U-Turn transactions often triggered alerts at U.S. financial institutions, possibly subjecting the flagged transactions to further review and taking longer than the bank’s customers expected or desired.  The bank also corresponded with customers to assure them that U.S. sanctions would have a minimal impact on customer service despite existing sanctions laws.

Elevating customer service over compliance, the bank’s Paris Operations Department developed a procedure specifically for what it called “international settlement with countries under USD embargo” when processing U.S. dollar payments involving Iran.  This procedure frequently involved using “cover-payments” to avoid detection in the U.S. by dividing the payment instructions involving Iranian bank treasury transactions or customer payments into two message streams.  The first SWIFT payment message, known as an MT103, included all details about the transaction, which Société Générale would send directly to the Iranian beneficiary’s bank.  The bank would then send a second message, known as an MT202, or “cover payment” message, to the bank’s New York branch.  The cover payment message did not include details about the underlying parties to the transaction and was sent to allow a transaction to be settled in U.S. dollars.   If such information was inadvertently included in the MT202 payment message, it would sometimes be removed or “stripped” from the message, a practice known as “wire stripping.”


DFS’s investigation also found that during the review period, the bank’s Global Finance Department maintained a number of U.S. dollar-denominated credit facilities related to Cuban parties or assets in violation of U.S. laws restricting business with Cuba.  During the review period, the bank maintained approximately 30 such facilities, some of which involved Cuban entities and others implicated financing of foreign trading companies exchanging Cuban commodities.  As with its Iranian business, the bank worked during the review period to ensure that U.S. sanctions did not interfere with its Cuba-related business.  General guidelines applicable to the bank’s handling of U.S. dollar transactions on behalf Iranian parties were equally applicable to U.S. dollar transactions possibly implicating Cuban restrictions.


To facilitate USD transactions involving a Sudanese entity, Société Générale personnel at its Paris Rive Gauche Enterprises branch sent payment instructions to U.S. financial institutions through the SWIFT payment messaging system, omitting the Sudanese entity’s address to avoid triggering the bank’s transaction monitoring and sanctions filtering tools or raising red flags at the U.S. dollar clearing institution.  Instead, nearly all of the relevant SWIFT messages transmitted to the U.S. listed an address for the Sudanese entity in Paris associated with one of its shareholders.

Consequently, the nexus between the transaction and the sanctions target was not apparent on the face of the payment message, and regulators and others involved in the transaction flow were deceived.

The DFS investigation determined that from May 2007 through March 2012, the bank illegally conducted 260 outbound USD transactions on behalf of the Sudanese entity totaling more than $22 million.  All but two of these illicit transactions listed the Paris address for the Sudanese entity in the outbound payment message, and 20 of these transactions, totaling approximately $2 million, cleared directly through the bank’s New York branch.

Inadequate Controls

The DFS investigation determined that a principal factor that allowed these unlawful practices to flourish at the bank was the inadequacy of the Société Générale’s sanctions-related internal controls.  In 2003, the bank issued a group-wide policy on combating terrorist financing that discussed sanctions compliance.  The policy focused primarily on French and European Union requirements and mentioned laws governing economic sanctions only in passing.  However, the policy did state that laws governing economic sanctions “apply to transactions denominated in US dollars, regardless of the location of the issuing institution, if these transactions transit through United States territory.”  Despite the fact that this information was circulated to compliance officers group-wide, wide-ranging prohibited and non-transparent transactions continued through the bank’s New York branch.

Under the consent order announced today, Société Générale must submit to DFS a written Sanctions Compliance Plan, acceptable to DFS, to improve and enhance the bank’s compliance with applicable OFAC and New York laws and regulations relating to sanctions compliance.

The bank must also develop a Corporate Oversight Plan to enhance oversight by the management of Société Générale and the New York branch, including the branch’s compliance with applicable OFAC and New York laws and regulations relating to sanctions compliance.  DFS recognizes Société Générale’s substantial cooperation with the Department’s investigation, including the bank’s own internal investigation and the voluntary disclosure that the bank submitted to OFAC in February 2013 and which was subsequently shared with the Department.

Bank Secrecy Act/Anti-Money Laundering Violations

On March 4, 2009, Société Générale and its New York branch entered into a written agreement with DFS through its predecessor, the New York State Banking Department and the Board of Governors of the Federal Reserve System, acknowledging that bank examinations had identified deficiencies in the branch’s compliance and risk management programs.

While the Branch made substantial gains in improving its compliance program between 2009 and 2013, subsequent targeted DFS examinations found that the branch’s compliance with the written agreement and New York’s anti-money laundering laws and regulations had fallen off precipitously.  DFS examiners discovered fundamental deficiencies in the branch’s policies and procedures governing suspicious activity reporting and remaining flaws in the branch’s customer due diligence protocols.

Under the consent order announced today, Société Générale must submit to DFS written plans to revise its BSA/AML compliance program, and enhance its customer due diligence program as well as oversight by the management of the bank and the New York branch of the New York branch’s compliance with BSA/AML requirements and relevant state laws and regulations.

The bank must also engage an independent consultant to conduct an evaluation of Société Générale’s and the New York branch’s implementation of the remedial steps outlined in the consent order.

DFS acknowledges Société Générale’s sound cooperation in this matter, including demonstrating a commitment to remediating the shortcomings identified, and to building effective and sustainable BSA/AML and OFAC compliance programs.

Société Générale is an international banking and financial services company with about $1.5 trillion in assets as of June 30, 2018.  Its New York branch provides corporate and investment banking services principally to commercial and institutional customers.  The branch conducts U.S. dollar clearing for Société Générale’s branches and affiliates, having cleared nearly two million transactions totaling approximately $21 trillion in 2017.

When we get more parts of the overall puzzle, we will post them.


OFAC Notice

Settlement Agreement

OFAC Enforcement Information

NY DFS Press Release

NY DFS Consent Order – SanctionsAML

Press Release

October 10, 2018

Contact: Richard Loconte, 212-709-1691


DFS Examinations Found Multiple Deficiencies in the Bank’s Compliance with Anti-Money Laundering Laws and Office of Foreign Asset Controls Regulations

Bank Must Hire Third-Party Consultant to Address Compliance Deficiencies
 and Review Transaction Clearing Activity

Financial Services Superintendent Maria T. Vullo today announced that the Department of Financial Services has fined United Arab Emirates-based Mashreqbank PSC and its New York branch $40 million for violations of U.S. Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) laws in the New York branch’s U.S. dollar clearing operations.  Under a consent order announced today Mashreqbank must also immediately hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function, including compliance with BSA/AML requirements, federal sanctions laws and New York law and regulations. The bank must also hire a third party “lookback consultant” to conduct a review of the branch’s transaction clearing activity for April 2016 to September 2016, along with other remedial actions. The consent order stems from examinations by DFS and the Federal Reserve Bank of New York (FRBNY).

“Mashreqbank failed to fully comply with critical New York and federal banking laws aimed at combating international money laundering, terrorist financing and other related threats by failing to provide adequate oversight of transactions by customers in high-risk regions,” said Superintendent Vullo. “DFS appreciates Mashreqbank’s strong cooperation in resolving this matter. By this consent order, the bank is being held accountable for ensuring vigilance against money laundering and other illicit activity to ensure that our financial system remains safe and sound.”

Mashreqbank is the oldest and largest private bank in the UAE, and its New York branch is its only one located in the United States. The New York branch offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa – regions that present a high risk in connection with financial transactions. The branch engaged in a substantial amount of U.S. dollar clearing activity for foreign customers in high risk jurisdictions. For example, in 2016, the branch cleared more than 1.2 million U.S. Dollar transactions with an aggregate value of over $367 billion.  In 2017, the branch cleared well over 1 million U.S. Dollar transactions with an aggregate value exceeding $350  billion.

DFS acknowledges Mashreqbank’s strong cooperation in this matter, including demonstrating a commitment to remediating the shortcomings identified, and to building an effective and sustainable BSA/AML and OFAC compliance infrastructure. Among other factors, DFS has given substantial weight to the laudable conduct of Mashreqbank described in the Consent Order in agreeing to the terms and remedies of the consent order, including the amount of the civil monetary penalty imposed.

DFS conducted a safety and soundness examination of the New York branch’s operations in 2016, finding that the branch had been unable to meet its commitments to improve its compliance function sufficiently. Following this examination, DFS examiners issued the branch a low overall score, whereas two years earlier the New York branch had received a satisfactory score on its safety and soundness examination. This downgrade was the result mainly of deficiencies in the New York branch’s Bank Secrecy Act and Anti-Money Laundering (“BSA/AML”) program, as well as certain defects identified in its program and policies designed to comply fully with OFAC regulations. At the time of the 2016 Examination, the branch’s BSA/AML and OFAC policies lacked detail, nuance or complexity, doing little more than citing standard language from applicable regulations.

Subsequently, in November and December of 2017, DFS examiners, along with examiners from FRBNY, conducted a joint examination. Examiners found that records regarding specific alerts and dispositions continued to lack detailed information, making it difficult for examiners to assess the adequacy of investigations conducted by compliance staff. Rationales for closing alerts also failed to include essential information.

Further, the examination found that each transaction monitoring alert would be reviewed only once by a single reviewer, who would then determine whether the alert should be closed or escalated, but without adequate quality assurance reviews. The branch’s OFAC program also suffered from certain deficiencies in important aspects of its recordkeeping. The branch maintained inadequate documentation concerning its dispositions of OFAC alerts and cases, with branch compliance staff failing to properly substantiate its rationales for waiving specific alerts and cases.

The joint examination also found that the bank’s Head Office failed to provide sufficient oversight of a third-party auditor hired to conduct the branch’s 2017 AML/BSA audit and to evaluate the branch’s remedial work. The 2017 examination detailed additional deficiencies and assigned the New York branch another low score for the second consecutive examination cycle, which followed the branch’s earlier failures to fully remediate compliance issues.

Under the consent order announced today, Mashreqbank must also submit to DFS the following:

  • A written revised BSA/AML compliance program for the New York branch acceptable to DFS;
  • A written program to reasonably ensure the identification and timely, accurate, and complete reporting by the New York branch of all known or suspected violations of law or suspicious transactions to law enforcement and supervisory authorities, as required by applicable suspicious activity reporting laws and regulations;
  • A written enhanced customer due diligence program acceptable to DFS;
  • A written plan to enhance oversight, by the management of the bank and the New York branch, of the branch’s compliance with BSA/AML requirements, New York State laws and regulations, and the regulations issued by OFAC.

Mashreqbank must engage an independent third-party consultant, chosen by DFS to oversee and address deficiencies in the branch’s compliance function, including compliance with BSA/AML requirements, federal sanctions laws, and New York law and regulations.


NY DFS Press Release

Consent Order


DFS Investigation Finds Western Union Failed to Implement and Maintain Anti-Money Laundering Compliance Between 2004 and 2012

Western Union Executives and Managers Willfully Ignored and Failed to Disclose Illegal Conduct by Agents Who Engaged in Fraud and Suspicious Transactions to China Which May Have Aided Human Trafficking

DFS Requiring Western Union to Designate a Compliance Point of Contact and Submit Plan to Ensure Adequate Anti-Money Laundering and Anti-Fraud Controls, Including Requiring All Agents to Adhere to U.S. Regulatory and Anti-Money Laundering Standards

Financial Services Superintendent Maria T. Vullo today announced that Western Union has agreed to pay a $60 million fine as part of a consent order with the New York State Department of Financial Services (DFS) for violations of New York Bank Secrecy Act (BSA) and anti-money laundering laws (AML).  An investigation by DFS found that, for more than a decade, Western Union failed to implement and maintain an anti-money laundering compliance program to deter, detect and report on criminals’ use of its electronic network to facilitate fraud, money laundering and the illegal structuring of transactions below amounts that would trigger regulatory reporting requirements.  In addition, the DFS investigation discovered that senior Western Union executives and managers willfully ignored, and failed to report to DFS, suspicious transactions to Western Union locations in China by several high-volume agents in New York, other states and around the world, including money transfers that may have aided human trafficking.  DFS licenses and regulates money transmitters in New York State and is the sole regulator for Western Union in New York State.

“Western Union executives put profits ahead of the company’s responsibilities to detect and prevent money laundering and fraud, by choosing to maintain relationships with and failing to discipline obviously suspect, but highly profitable, agents,” said Superintendent Vullo.  “DFS will not tolerate unlawful activity that undermines anti-money laundering laws and endangers the integrity of our financial system.”

The DFS investigation found that between at least 2004 and 2012, Western Union willfully failed to implement and maintain an effective anti-money laundering program to deter, detect, and report on suspected criminal fraud, money laundering, and illegal “structuring” schemes.  Structuring occurs when a party executes financial transactions in a specific pattern, like breaking up a larger sum into smaller transactions.  The purpose of structuring typically is to avoid triggering the obligation of a money transmitter like Western Union to file reports with the federal government required by the BSA, or to avoid the money transmitter’s own requirements for providing certain types of identification and other evidence of the legitimacy of the financial transaction.

Western Union has a prior history of compliance issues.  In 2002, DFS’s predecessor agency, the New York State Banking Department, conducted an examination of the company and determined that it failed to establish effective procedures to monitor its agents, detect suspicious transactions, and file suspicious activity reports.  In addition, in a January 2017 agreement with the U.S. Department of Justice, Western Union admitted to federal criminal offenses of willfully failing to implement an effective anti-money laundering program under the Bank Secrecy Act, and aiding and abetting wire fraud.

In today’s announcement, DFS said that several Western Union executives and managers knew about or willfully ignored improper conduct involving “NY China Corridor agents.”   Moreover, even after the U.S. Department of Justice launched an investigation of Western Union in 2012, and the company became aware of the full scope of the misconduct involving the NY China Corridor Agents, the company waited two years to disclose this information to the DFS.

The NY China Corridor agents include a small business located in Lower Manhattan, one in Sunset Park, Brooklyn, and another in Flushing, Queens.  Despite their small size, these agents were some of Western Union’s largest agent locations in the world by transaction volume – and thus some of the most profitable for the company.

The Lower Manhattan agent, a small travel agency that offered Western Union money transmission services, processed more than 447,000 transactions totaling more than $1.14 billion between 2004 and 2011.  The Sunset Park location appears to be owned by the spouse of the owner of the Lower Manhattan location.  The two agents were among the biggest Western Union agents in the entire country.

The Sunset Park location, a small business that sold wireless cellphone services to consumers, and also offered Western Union money transmission services, processed more than 302,000 transactions, totaling more than $600 million, between 2005 and 2011.  Almost all of the more than $1.7 billion transfers processed in this time period processed by the Lower Manhattan and Sunset Park agents were transmitted to China.  According to federal law enforcement authorities, at least 25 to 30 percent of these transactions showed indications of illegal structuring. 

Between 2004 and 2012, the Flushing location processed more than 735,000 transactions, totaling more than $1.2 billion, most of which were sent to China.  The sheer number and size of transactions processed by these agents, which were small independent stores each with a small number of employees, stood out as strong indicators of significant money laundering risk.

Western Union had extensive evidence indicating repeated suspicious, improper, or illegal conduct by these agents.  The company conducted almost two dozen compliance reviews of the Lower Manhattan and Sunset Park agents during the relevant time period.  On each occasion, Western Union compliance staff found clear deficiencies with AML rules and internal company policies.  However, senior managers intervened in the disciplinary to push for special treatment for problematic agents that were the highest fee generators, including failing to suspend them.  In New York, these tended to be the NY China Corridor agents.

In 2008, Western Union paid the owner of the Lower Manhattan location a $250,000 bonus to renew his contract with the company, despite the agent’s numerous compliance violations.  The owner of the Lower Manhattan location later admitted to law enforcement agents that he knew that at least some customers used Western Union’s money transfer services to pay debts to human traffickers based in China, and structured transactions to avoid identification and reporting requirements and thus evade scrutiny.

Western Union pays agents a commission for each money transfer the agent processes.  It may also pay an agent bonuses and other compensation based on transaction volume.  The company can terminate or suspend any agent or agent location for a variety of reasons, but especially for compliance reasons.

Western Union, which has more than 2,800 agent locations in New York State, has been licensed by DFS since 1990. In 2016, New York agents processed more than 18 million consumer-to-consumer financial transactions, totaling more than $4 billion.  Transactions involving New York agents in 2016 yielded $224 million in revenue for Western Union, resulting in gross profits to the company of approximately $50 million.

Western Union must submit a written plan to DFS within 90 days that is designed to ensure the enduring adequacy of its anti-money laundering and anti-fraud programs.  Western Union must also submit a written progress report to DFS detailing the form and manner of all actions taken to secure compliance with the provisions of this Order, and the results of any such actions at six, twelve, eighteen, and twenty-four months from the date of the Consent Order.


NY DFS Press Release

Consent Order

The New York Department of Financial Services (NY DFS) fined Deutsche Bank $425 million and the UK’s Financial Conduct Authority (FCA) fined them an additional 163MM GBP. The DFS News Release:

Press Release

January 30, 2017

Contact: Richard Loconte, 212-709-1691


The Bank Allowed Traders to Engage in a Money-Laundering Scheme Using “Mirror Trades” That Improperly Shifted $10 Billion Out of Russia

DFS Directs Bank to Hire an Independent Monitor to Review and Report on Its Existing Compliance Programs, Policies and Procedures

Financial Services Superintendent Maria T. Vullo today announced that Deutsche Bank AG and its New York branch will pay a $425 million fine and hire an independent monitor as part of a consent order entered into with the New York State Department of Financial Services (DFS) for violations of New York anti-money laundering laws involving a “mirror trading” scheme among the bank’s Moscow, London and New York offices that laundered $10 billion out of Russia. DFS’s investigation found that the bank missed numerous opportunities to detect, investigate and stop the scheme due to extensive compliance failures, allowing the scheme to continue for years. DFS worked closely on the investigation with the Financial Conduct Authority. 

“In today’s interconnected financial network, global financial institutions must be ever vigilant in the war against money laundering and other activities that can contribute to cybercrime and international terrorism,” Superintendent Vullo said. “This Russian mirror-trading scheme occurred while the bank was on clear notice of serious and widespread compliance issues dating back a decade. The offsetting trades here lacked economic purpose and could have been used to facilitate money laundering or enable other illicit conduct, and today’s action sends a clear message that DFS will not tolerate such conduct. DFS is pleased to work with the Financial Conduct Authority on this matter. We also appreciate the bank’s forthrightness and timeliness in conducting its internal review and cooperation in our investigation.”

In addition to today’s action, Superintendent Vullo has led DFS enforcement actions for violations of AML laws against Intesa Sanpaolo S.p.A., which was fined $235 million; Agricultural Bank of China, which was fined $215 million; and Mega Bank of Taiwan, which was fined $185 million.

Today’s action further highlights the importance of DFS’s new risk-based anti-terrorism and anti-money laundering regulation, which became effective on January 1, 2017. DFS’s regulation requires regulated institutions to maintain programs to monitor and filter transactions for potential BSA/AML violations and prevent transactions with sanctioned entities. It also requires regulated institutions to submit an annual board resolution or senior officer compliance finding confirming the steps taken to ascertain compliance with the regulation. In addition, DFS has proposed a first-in-the-nation cybersecurity regulation, which will be effective March 1, 2017, requiring DFS regulated institutions to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York’s financial services industry.

DFS found that Deutsche Bank and several of its senior managers missed key opportunities to detect, intercept and investigate a long-running mirror-trading scheme facilitated by its Moscow branch and involving New York and London branches. Operating through the equities desk at Deutsche Bank’s Moscow branch, certain companies that were clients of the Moscow equities desk issued orders to purchase Russian blue chip stocks, always paying in rubles. Shortly thereafter, sometimes on the same day, a related counterparty would sell the identical Russian blue chip stock in the same quantity and at the same price through Deutsche Bank’s London branch. The counterparties involved were always closely related, often linked by common beneficial owners, management or agents. The trades were routinely cleared through the bank’s Deutsche Bank Trust Company of the Americas (DBTCA) unit. The selling counterparty was typically registered in an offshore territory and would be paid for its shares in U.S. dollars. At least 12 entities were involved, and none of the trades demonstrated any legitimate economic rationale.

DFS’s investigation uncovered violations that included the following:

  • The bank has conducted its banking business in an unsafe and unsound manner, failing to maintain an effective and compliant anti-money laundering program. The bank failed to maintain and make available true and accurate books, accounts and records reflecting all transactions and actions.
  • When contacted by a European financial institution about contradictory information about one of the companies involved in the trading scheme, a senior compliance employee who supervised special investigations at the DBTCA never responded. In addition, the senior compliance employee did not take any steps to investigate the basis for the European Bank’s inquiry, later explaining that the employee had “too many jobs” and “had to deal with many things and had to prioritize.”
  • The bank’s Know Your Customer (KYC) processes were weak, functioning merely as a checklist with employees mechanically focused on ensuring documentation was collected, rather than shining a critical light on information provided by potential customers. Virtually all of the KYC files for the companies involved in the scheme were insufficient, and a Moscow employee who oversaw the illicit mirror trading was also actively involved in the onboarding and KYC documentation of companies involved in the scheme. In addition, certain staff members experienced hostility and threats on several occasions when it appeared they had not moved quickly enough to facilitate transactions.
  • The bank failed to accurately rate its country and client risks for money laundering throughout the relevant time period and lacked a global policy benchmarking its risk appetite, resulting in material inconsistencies and no methodology for updating the ratings. Deutsche Bank was not in line with peer banks, which rated Russia as high risk well before Deutsche Bank did in late 2014.
  • The bank’s anti-financial crime, AML and compliance units were ineffective and understaffed. A senior compliance staffer repeatedly stated that he had to “beg, borrow, and steal” to receive appropriate resources, leaving existing personnel scrambling to perform multiple roles. At one point, an attorney who lacked any compliance background served as the Moscow branch’s head of compliance, head of legal, and as its AML Officer – all at the same time.

Within 60 days of the consent order, the bank must engage an independent monitor, approved by DFS, to conduct a comprehensive review of the bank’s existing BSA/AML compliance programs, policies and procedures that pertain to or affect activities conducted by or through its DBTCA subsidiary and the New York branch.

Within 30 days of the selection of the independent monitor, the bank, DBTCA and the New York branch must submit to DFS for approval an engagement letter than provides for the independent monitor to review and report on, among other things:

  • The elements of the bank’s corporate governance that contributed to or facilitated the improper conduct and permitted it to go on;
  • Relevant changes or reforms to corporate governance that the bank has made since the time of the improper conduct and whether those changes or reforms are likely to significantly enhance the bank’s BSA/AML compliance going forward; and
  • The thoroughness and comprehensiveness of the bank’s current global BSA/AML compliance programs.

In addition, the bank must submit a written action plan to improve and enhance its current global BSA/AML compliance programs that pertain to or affect activities conducted by or through DBTCA and the New York Branch.

The FCA News Release:


FCA fines Deutsche Bank £163 million for serious anti-money laundering controls failings

The Financial Conduct Authority (FCA) has today fined Deutsche Bank AG (Deutsche Bank) £163,076,224 for failing to maintain an adequate anti-money laundering (AML) control framework during the period between 1 January 2012 and 31 December 2015. This is the largest financial penalty for AML controls failings ever imposed by the FCA, or its predecessor the Financial Services Authority (FSA).

Deutsche Bank exposed the UK financial system to the risks of financial crime by failing to properly oversee the formation of new customer relationships and the booking of global business in the UK. As a consequence of its inadequate AML control framework, Deutsche Bank was used by unidentified customers to transfer approximately $10 billion, of unknown origin, from Russia to offshore bank accounts in a manner that is highly suggestive of financial crime. 

Mark Steward, Director of Enforcement and Market Oversight at the FCA, said:

“Financial crime is a risk to the UK financial system. Deutsche Bank was obliged to establish and maintain an effective AML control framework. By failing to do so, Deutsche Bank put itself at risk of being used to facilitate financial crime and exposed the UK to the risk of financial crime.”

“The size of the fine reflects the seriousness of Deutsche Bank’s failings.  We have repeatedly told firms how to comply with our AML requirements and the failings of Deutsche Bank are simply unacceptable. Other firms should take notice of today’s fine and look again at their own AML procedures to ensure they do not face similar action.”

The FCA found significant deficiencies throughout Deutsche Bank’s AML control framework. The FCA specifically found that, during the relevant period, Deutsche Bank’s Corporate Banking and Securities division (CB&S) in the UK:

  • performed inadequate customer due diligence
  • failed to ensure that its front office took responsibility for the CB&S division’s Know Your Customer obligations
  • used flawed customer and country risk rating methodologies
  • had deficient AML policies and procedures
  • had an inadequate AML IT infrastructure
  • lacked automated AML systems for detecting suspicious trades
  • failed to provide adequate oversight of trades booked in the UK by traders in non-UK jurisdictions

As a result of these failings Deutsche Bank failed to obtain sufficient information about its customers to inform the risk assessment process and to provide a basis for transaction monitoring. The failings allowed the front office of Deutsche Bank’s Russia-based subsidiary (DB Moscow) to execute more than 2,400 pairs of trades that mirrored each other (mirror trades) between April 2012 and October 2014.

The mirror trades were used by customers of Deutsche Bank and DB Moscow to transfer more than $6 billion from Russia, through Deutsche Bank in the UK, to overseas bank accounts, including in Cyprus, Estonia, and Latvia. The orders for both sides of the mirror trades were received by DB Moscow, which executed both sides at the same time.

The customers on the Moscow and London sides of the mirror trades were connected to each other and the volume and value of the securities was the same on both sides. The purpose of the mirror trades was the conversion of Roubles into US Dollars and the covert transfer of those funds out of Russia, which is highly suggestive of financial crime.

A further $3.8 billion in suspicious “one-sided trades” also occurred. The FCA believes that some, if not all, of an additional 3,400 trades formed one side of mirror trades and were often conducted by the same customers involved in the mirror trading. 

As a result, Deutsche Bank breached Principle 3 (taking reasonable steps to organise its affairs responsibly and effectively, with adequate risk management systems) of the FCA’s Principles for Businesses. In addition, Deutsche Bank also breached Senior Management Arrangements, Systems and Controls (SYSC) rules 6.1.1 R and 6.3.1 R.

The FCA emphasises the importance of having a strong AML control framework through its proactive supervisory programmes on AML. Firms are regularly reminded of the importance of safeguarding the UK financial system from financial crime and how to comply with AML requirements.

Deutsche Bank agreed to settle at an early stage of the FCA’s investigation and therefore qualified for a 30% (stage 1) discount. This discount does not apply to the £9.1 million in commission that Deutsche Bank generated from the suspicious trading, which has been disgorged as part of the overall penalty meaning that the firm has received no financial benefit from the breach. Were it not for the 30% discount the financial penalty would have been £229,076,224.

Deutsche Bank was exceptionally cooperative with the FCA during this investigation and has committed significant resources to a large scale remediation programme to correct the deficiencies in its AML control framework and customer files.














































































NY DFS News Release

Consent Order

FCA Press Release

FCA Final Order

This would be so much easier if the New York Department of Financial Services (NY DFS) had an email notification service…

Press Release

November 4, 2016

Contact: Richard Loconte, 212-709-1691


DFS Investigation Uncovers Intentional Actions to Obscure U.S. Dollar Clearing Transactions, Including Counterfeit and Falsified Invoices involving China and Russia and Omission of Information Regarding Possible U.S. Dollar Trades with Sanctioned Counterparties

Bank Management Silenced and Severely Curtailed the Independence of Whistleblower Who Attempted to Conduct Internal Investigations of Suspicious Activity

Consent Order Requires Bank to Establish Effective Compliance Controls and to Retain Independent Monitor to Investigate 18 Months of U.S. Dollar Clearing Activity

Financial Services Superintendent Maria T. Vullo today announced that Agricultural Bank of China (the Bank) will pay a $215 million penalty and install an independent monitor for violating New York’s anti-money laundering laws. The fine is part of a consent order entered into with the Department of Financial Services (DFS) pursuant to which the Bank shall take immediate steps to correct violations, including engaging an independent monitor reporting directly to DFS to address serious deficiencies within the bank’s compliance program and implement effective anti-money laundering controls. The DFS investigation discovered intentional wrongdoing, including actions by bank officials to obfuscate U.S. dollar transactions conducted through the New York Branch that might reveal violations of sanctions or anti-money laundering laws. The Bank also silenced and severely curtailed the independence of the Chief Compliance Officer (CCO) at the New York Branch, who tried to raise serious concerns to Branch management and conduct internal investigations regarding suspicious activity, leading the CCO to ultimately resign.

“DFS will take swift and appropriate action when our investigation finds egregious conduct and intentional circumvention of a regulated bank’s compliance program,” said Financial Services Superintendent Maria T. Vullo. “Central to bank management’s responsibilities is creating, fostering, and maintaining a healthy culture of compliance, which is foundational to effective risk management. The failure of a strong compliance program at the New York Branch of the Agricultural Bank of China created a substantial risk that terrorist groups, parties from sanctioned nations, and other criminals could have used the Bank to support their illicit activities. The failure of the Bank to have a robust and operationally functioning compliance program warrants the serious sanctions and remedial action that DFS is taking today, with an independent monitor in place to review specific transactions over a prior 18-month period.”

DFS examiners found that the New York Branch of Agricultural Bank of China has conducted U.S. dollar clearing in rapidly increasing volumes since 2013 through foreign correspondent accounts, even after DFS warned the Bank not to increase its dollar clearing transactions until it significantly improved its compliance function. The Bank willfully ignored DFS’s warning and dollar clearing transactions by the Bank at the New York Branch skyrocketed in 2014 and 2015, creating an untenable risk at a time when the Bank was not able to satisfy even basic compliance requirements.

The Bank also was found to employ non-transparent and evasive transaction methods, including sending coded messages through the Society of Worldwide Interbank Financial Telecommunication (SWIFT) system that masked the true parties to a transaction and avoided screening by DFS. The SWIFT wire message system permits bank compliance staff to screen and monitor transactions in compliance with BSA/AML requirements, OFAC regulations, and the requirements of DFS and other regulators.

Compliance personnel at the New York Branch also discovered alarming transaction patterns, including:

  • Unusually large round dollar transfers between Chinese and Russian companies;
  • Unusually large round dollar payments from Yemen to companies in China;
  • Potentially suspicious dollar denominated payments from trading companies located in the Middle East; 
  • Dollar transactions remitted by a Turkish Bank customer for its Afghan Bank client which is known by the U.S. Treasury Department for its associations with a Hawala network having associations with narcotics traffickers and illicit cash flows; and
  • Certain invoices involving China and Russia appeared to be counterfeit or falsified, while other documents suggested U.S. dollar trades with Iranian counterparties – including documentation indicating dollar transactions were made for the benefit of a sanctioned Iranian party – information that had been omitted from the SWIFT wire messaging.

When the CCO brought the coded SWIFT messages to the attention of bank management in the Fall of 2014, the CCO was told to refrain from communicating with regulators and was effectively silenced. Having lost the ability to comply with the law and do the job required, the CCO eventually resigned from the Bank in May 2015. The CCO’s departure was followed by the resignation of much of the remaining compliance staff in August 2015.

Other findings of the DFS investigation into the New York Branch’s compliance function include:

  • The Branch was unable to retain a qualified, permanent CCO;
  • The interim BSA officer had limited contact with the Head Office and did not have a point of contact there;
  • The CCO also held the role as BSA Officer, without adequate resources given the significant responsibilities of these roles;
  • Deficiencies in documentation and a lack of knowledge transfer prevented the Branch from remediating the deficiencies found in the 2014 examination;
  • Head Office and senior management did not adequately monitor remediation of the prior examination deficiencies and did not require substantiating details or documentation.


Today’s action highlights the importance of DFS’s new risk-based anti-terrorism and anti-money laundering regulation that requires regulated institutions to maintain programs to monitor and filter transactions for potential BSA/AML violations and prevent transactions with sanctioned entities. The regulation, which takes effect on January 1, 2017, requires regulated institutions to submit an annual board resolution or senior officer compliance finding confirming the steps taken to ascertain compliance with the regulation.

Under the consent order, Agricultural Bank of China will retain and install an independent monitor within sixty days of its selection by DFS for two years to conduct a comprehensive review of the effectiveness of the Branch’s program for compliance with the BSA/AML requirements and the state laws and regulations. 

The Independent Monitor will also conduct a review of the New York Branch’s U.S. dollar clearing transaction activity from May 1, 2014 through October 31, 2015, to determine, among other things, whether transactions inconsistent with or in violation of the OFAC Regulations, or suspicious activity involving high risk customers or transactions or possible money laundering at, by, or through the Branch, were properly identified and reported in accordance with the OFAC Regulations and suspicious activity reporting regulations and New York law. Findings by the Independent Monitor as a result of the 18-month look-back could subject the Bank to additional enforcement action. The Independent Monitor will be selected by and report directly to DFS. 

To view a copy of the DFS order regarding Agricultural Bank of China, please click here


In addition to the fine, Agricultural Bank of China agreed to an independent monitor. In contrast, one of the violations the Bank was charged with was impeding the work and independence of its Chief Compliance Officer and staff – the CCO quit in June 2015 after being reined in, and the bulk of the staff quit in August of that year.


NY DFS Press Release

Consent Order

Everyone gets a piece of the pie here – the NY Department of Financial Services gets $610 million, OFAC’s official fine is in excess of $250 million (but is deemed paid on the basis of the lesser amount paid to the Department of Justice). All told, it’s another mega-fine of $1.45 billion dollars for conduct breaching the Iran, Weapons of Mass Destruction, Sudan, Burma and Cuba sanctions programs from 2002 until 2010.

Here is how OFAC saw matters in knocking down the penalty from a base of over $574 million:

The following were found to be aggravating factors:

  • At a minimum,Commerzbank acted with reckless disregard for U.S. sanctions requirements in processingtransactions in apparent violation of OFAC sanctions regulations;
  • management at Commerzbankknew or had reason to know of the conduct leading to certain of the apparent violations;
  • theconduct described above conferred significant economic benefit to persons subject to U.S.sanctions and undermined the integrity of multiple U.S. sanctions programs;
  • Commerzbank is alarge, commercially sophisticated financial institution; and
  • Commerzbank did not maintainadequate policies or procedures to ensure compliance with the sanctions programs administeredby OFAC.

Mitigation was extended because

  • Commerzbank has not received a penalty notice orFinding of Violation from OFAC in the five years preceding the date of the earliest transactiongiving rise to the apparent violations;
  • Commerzbank cooperated with OFAC’s investigation ofthe apparent violations by engaging in an extensive internal investigation, by responding forrequests for information, and by executing a statute of limitations tolling agreement withmultiple extensions; and
  • Commerzbank took remedial action in response to the apparentviolations described above.

The NY DFS was also able to extract, in return for settling the charges, the termination of multiple employees and the installation of an independent monitor at Commerzbank.


OFAC Notice

OFAC Enforcement Action

Treasury Department Settlement

Treasury Department Press Release

NY DFS Press Release