The Federal Reserve Bank of New York earlier this year blocked M&T Bank Corp.'s planned $3.7-billion acquisition of Paramus-based Hudson City Bancorp Inc. because of anti-money-laundering compliance issues at M&T, the Buffalo, N.Y., lender.

Smaller financial institutions are having to deal with emerging compliance risks such as those posed by the rapid growth of mobile banking and payments technologies while experiencing serious cost pressures and limited ability to allocate resources to address compliance risk.

The migration of Mexican drug traffickers from major U.S. financial institutions to smaller national and regional banks, as discussed in the October 2012 "Compliance Advisor," is illustrative. Following Wachovia's $160 million settlement for BSA/AML violations concerning drug cartel transactions, regulators focused on similar suspicious activity at HSBC, Citigroup and JP Morgan Chase. The subsequent movement of drug cartel money to smaller institutions was followed by regulators, resulting in the following 2011 enforcement actions:

• A national bank with approximate asset size of $16 billion headquartered in Salt Lake City faced a civil penalty of $8 million for issues related to casas de cambio (Mexican exchange houses which were also cited in the Wachovia case).
• A Miami-based national bank with an approximate asset size of $357 million received a civil penalty of $7 million for violations including problems with appropriately filing Suspicious Activity Reports (SARs).
• Another Florida-based bank with an approximate asset size of $3.3 billion was fined $10.9 million.  In FinCEN’s penalty assessment, it noted that “28 percent of the Bank’s total customers reside outside of the U.S. in high-risk geographies susceptible to money laundering.”
  

In his March 7, 2013, written testimony before the Senate Committee on Banking, Housing, & Urban Affairs, Comptroller of the Currency Thomas Curry listed migration to smaller banks as one of seven key trends.

Compliance complacency is no longer a viable option for financial institutions of any size.

• In December, 2012, the Office of the Comptroller of the Currency (OCC) levied a $500-million penalty against HSBC for compliance program and BSA violations covered in an October 2010 cease and desist order. Concurrently, the Federal Reserve assessed a $160-million penalty against the parent company, HSBC North American Holdings, Inc., and the Department of Justice imposed a $1.256 billion forfeiture action against the bank and HSBC Holdings plc. The total in assessed penalties and forfeiture amounts: $1.92 billion.  [Thomas J. Curry, Comptroller of the Currency, testimony before the Senate Committee on Banking, Housing, & Urban Affairs on March 7, 2013.]

• On November 16, 2012, the First Bank of Delaware (assets of $222.5 million), was stripped of its charter (a "Death Penalty") and levied concurrent civil penalties of $15 million by the FDIC and FinCEN for BSA/AML violations. Related Justice Department civil charges were settled by the bank, and all penalties were satisfied by the single $15 million payment to Treasury. On that date, Bryn Mawr Trust Corp. paid $8.7 million for some of the banks assets, and assumed depositary responsibilities. First Bank was dissolved immediately following the sale.

As required under Dodd-Frank, the Office of Thrift Supervision (OTS), was integrated into the OCC in July, 2011, and the OCC now has direct supervision of community banks and thrifts. The Dodd-Frank provision was at least to some extent spurred by criticism of OTS oversight of Washington Mutual, Countrywide Bank and IndyMac Bancorp.  

Regulatory bodies worldwide are working to harmonize enforcement efforts and supervisory oversight of multinational financial institutions. In February, 2013, the Financial Action Task Force on Money Laundering (FATF) adopted a new Methodology for Assessing Technical Compliance with the FATF Recommendations and the Effectiveness of AML/CFT (Anti-Money Laundering and Countering the Financing of Terrorism) Systems. 

Banking regulators long have had the authority to issue C&D orders, levy civil penalties against an insured financial institution and its officers and directors, and issue removal and prohibition orders against officers and directors. While traditionally used primarily in cases where institution-affiliated parties were clearly complicit in violations, the recent emphasis on governance and senior management accountability has encouraged expansion of these powers to push remediation of weak and inadequate compliance programs. The OCC is reviewing its statutory "removal and prohibition" authority and is exploring whether a new regulation or agency guidance is warranted to put the industry on notice. Further, the Department of Justice is beefing up its resources to deal with financial crimes.

Emerging payments technologies, such as prepaid access, mobile wallets and mobile banking present unique exposures that are particularly challenging for OFAC compliance.