The Financial Crimes Enforcement Network (FinCEN) assessed a $450,000 civil money penalty against Michael LaFontaine in early March, former Chief Operational Risk Officer at U.S. Bank National Association (U.S. Bank), for his failure to prevent violations of the Bank Secrecy Act (BSA) during his tenure. U.S. Bank used automated transaction monitoring software to spot potentially suspicious activity, but it improperly capped the number of alerts generated, limiting the ability of law enforcement to target criminal activity. In addition, the bank failed to staff the BSA compliance function with enough people to review even the reduced number of alerts enabling criminals to escape detection.
“Mr. LaFontaine was warned by his subordinates and by regulators that capping the number of alerts was dangerous and ill-advised. His actions prevented the proper filing of many, many SARs, which hindered law enforcement’s ability to fully combat crimes and protect people,” said FinCEN Director Kenneth A. Blanco. “FinCEN encourages technological innovations to help fight money laundering, but technology must be used properly.”
In February 2018, FinCEN, in coordination with the Office of the Comptroller of the Currency (OCC) and the U.S. Department of Justice, issued a $185m civil money penalty against U.S. Bank for, among other things, wilfully violating the BSA’s requirements to implement and maintain an effective anti-money laundering (AML) program and to file SARs in a timely manner.
LaFontaine was advised by two subordinates that they believed the existing automated system was inadequate because caps were set to limit the number of alerts. The OCC warned U.S. Bank on several occasions that using numerical caps to limit the bank’s monitoring programs based on the size of its staff and available resources could result in a potential enforcement action, and FinCEN had taken previous public actions against banks for the same activity.
LaFontaine received internal memos from staff claiming that significant increases in SAR volumes, law enforcement inquiries, and closure recommendations, created a situation where the AML staff “is stretched dangerously thin.” LaFontaine failed to take sufficient action when presented with significant AML program deficiencies in the Bank’s SAR-monitoring system and the number of staff to fulfill the AML compliance role. The bank had maintained inappropriate alert caps for at least five years.