Capital One, NA, pays $390M for BSA violations
The Financial Crimes Enforcement Network (FinCEN) has assessed a $390,000,000 civil money penalty against Capital One, National Association (CONA), under the Banks Secrecy Act and implementing regulations. The bank admitted to the facts set out in the Order of Assessment and consented to the assessment. FinCEN determined that the bank violated certain of its BSA obligations for its Check Cashing Group (CCG) from about 2008 until about 2014, by willfully failing to establish and maintain an effective anti-money laundering program and willfully failed to accurately and timely file SARs on suspicious transactions associated with the CCG. ["Willfully" means with either reckless disregard or willful blindness.] FinCEN also determined that the bank negligently failed to timely file CTRs for the CCG.
According to the Order of Assessment, the bank's violations of its BSA obligations resulted in the failure to accurately and timely report millions of dollars in suspicious transactions, including proceeds connected to organized crime, tax evasion, fraud, and other financial crimes laundered through the Bank into the U.S. financial system.
In December 2006, Capital One Financial Corporation (COFC), the holding company for CONA, acquired North Fork Bank (NFB), including that bank's New York and New Jersey check cashing customers. NFB was merged into CONA in August 2007, and CONA established the CCG as part of its Middle Market Lending group. CONA operated the CCG until 2014. The CCG customer base included a range of between approximately 90 and 150 New York- and New Jersey-area check cashers that usually operated storefront locations and conducted check cashing as their primary business. CCG customers cashed checks by providing cash in exchange for paper checks from individuals (known as retail checks) and from business entities (known as corporate checks) and charged a fee for this service. CONA provided banking services to the CCG including, among other things, processing checks deposited by CCG customers and providing CCG customers with armored car cash shipments. CCG customers used over 1,000 CONA accounts related to their check cashing businesses, including to deposit checks they cashed. CONA also provided CCG customers with the currency needed to cash checks, which was mostly delivered via armored car shipments.
Prior to CONA’s acquisitions of and mergers with Hibernia Bank (November 2005) and North Fork Bank (December 2006), federal and state bank regulators identified deficiencies in the AML programs at both banks, including weaknesses in transaction monitoring, suspicious activity identification, and CTR filing. Further, around the time of CONA’s acquisition of NFB, the OCC notified CONA personnel of certain AML risks associated with banking the CCG. Then, in 2008, New York County indicted a CCG customer and its President and owner for various charges directly related to its business operations. CONA responded to these issues and risks by implementing certain AML controls, but these efforts failed to effectively address the illicit finance risk associated with the CCG.
"After acquiring and incorporating NFB and Hibernia, CONA internally acknowledged having significant “residual AML risk attributable to inadequate AML internal controls.” To address the deficiencies identified by its regulators, CONA hired BSA/AML officers to build out an enterprise-wide AML program befitting CONA’s consolidated operations. Over time, these officers produced enterprisewide AML policies, procedures, and process controls. However, these controls and procedures were inadequate to address the money laundering risk associated with the CCG, were inconsistently and ineffectively implemented for CCG customers, were plagued by a number of technical failures that were not promptly addressed, and
gave too much credence to dubious explanations from the business line about CCG banking activity, all of which ultimately resulted in a failure to guard against money laundering and other criminal and suspicious activity."
"CONA developed and relied on a macro that aggregated debits and credits for the CCG customer under review and then compared the macro information with a sample of historic transactional dollar volume to determine if the customer’s activity was “consistent” or if it had a statistically significant deviation in transaction volume. As long as the activity appeared to be related to the business model—such as a check casher depositing checks—or had a ready explanation for deviations outside the “consistent” volume marker, the activity was deemed “reasonable” and the initial high-risk alert was closed without further action. Although CCG accounts were reviewed again after initial reviews, often these further reviews were perfunctory, relying too heavily on the results of the macros and comparisons to past activity, without taking additional investigative steps or incorporating additional knowledge about the customers. As a consequence, CONA failed to detect red flags or follow up appropriately on potential indications of suspicious activity. In other words, CONA improperly used consistency as the primary benchmark for reasonableness, overlooking the nature or apparent lawful purpose of their customer’s underlying activity and the patterns therein."
In December 2010, CONA made a change to the way its transactional data streams were coded for all customers, which caused checks cashed at several CCG customers, including Dependable Check Cashing Corporation (Dependable) and all of Pucillo’s check cashing businesses (despite his status as the highest risk customer in the CCG and among the highest-risk customers at CONA overall) to not appear on the banks Large Item Report (LIR) until 2013. Then in August 2012, CONA made a generally-applicable coding change, which caused all of the remaining CCG customer data streams to disappear from the LIR. Although AML analysts flagged this problem for technical support in September 2012 upon identifying the issue, the LIR was not repaired until July 2013, at which point CONA voluntarily commenced a lookback of the transactions that fit the criteria for LIR review when the LIR had not been operational. As a result, from August 2012 until July 2013, the LIR was wholly inoperative.
Reliance on relationship manager for explanations
CONA’s process for investigating suspicious transactions for the CCG was weak, and resulted in the failure to fully investigate and report suspicious conduct. For example, from at least January 2009 through December 2013, AML analysts repeatedly identified suspicious activity—variously described as “a medical fraud ring,” “excessive corporate check cashing,” “high dollar checks,” and “structured third-party checks”— within at least 30 CCG customers’ accounts. However, as part of its ordinary AML process, AML management routinely instructed analysts to contact CONA’s relationship manager for the CCG business line to obtain additional information and guidance regarding CCG related transactions. In turn, the business line often suggested vague and implausible explanations for the CCG activity, such as: “CTRs filed as necessary,” “making payroll,” “hurricane Sandy work,” “known to customer,” “a high number of customers in February because of tax refunds being cashed at the stores,” “Uptick in Corporate Check Cashing,” “Fewer days in the month,” and “Aggressively looking to manage down excess currency.” At times, CONA’s AML analysts accepted such justifications from the CCG business line at face value, which limited their ability to perform effective AML scrutiny and file robust SARs. As a consequence, CONA failed to fully investigate much of this activity, or report it to FinCEN as suspicious.
SAR and CTR filing failures
As a consequence of its AML program failures, CONA failed to accurately and timely file SARs on its CCG customers. Indeed, CONA filed no SARs on its CCG customer activity until October 2009, and thereafter CONA often failed to detect and report suspicious activity by the check cashers themselves, even as it detected and reported activity by the check casher’s customers. Last, and as further described below, during the relevant period CONA failed to file SARs even when it had direct knowledge of certain CCG customers’ indictments and guilty pleas for criminal activity associated with their check cashing operations flowing through the Bank’s accounts.
In addition, from January 2006 to March 2008, during the course of the acquisition of NFB and Hibernia and their integration into CONA, CONA experienced several errors with their CTR reporting system. FinCEN issued a warning letter and admonished CONA to accurately and timely file its CTRs and noted in its formal communications that the bank’s compliance history could be considered by FinCEN in the future. CONA was thereafter negligent in ensuring that it filed all CTRs related to the CCG. Specifically, CONA utilized an internal system that assigned a “cash” code for customer withdrawals to effectuate CTR filings. In designing its system, CONA failed to assign this “cash” code to armored car cash shipments for a number of customers using a specific accounting method for armored car shipments, including the CCG. Accordingly, these transactions were not identified as customer cash withdrawals and therefore not reported to FinCEN through CONA’s CTR reporting systems.
The failure to properly code these cash shipments resulted in approximately 50,000 reportable cash transactions totaling over $16 billion in cash to the CCG over the course of over three years to go unreported to FinCEN. While business managers received near-daily reports on armored car cash shipments, and CONA timely reported CTRs on armored car cash shipments to other locations, such as ATMs, CONA failed to timely report CTRs for CCG armored car cash shipments. Although CONA self-reported and remediated this issue, this failure was negligent and exhibited a pattern of negligence with respect to CONA’s legal obligation to file CTRs.