Deutsche Bank’s sanctions and AML control flaws – too little, too late

The US Federal Reserve fined Deutsche Bank and its US affiliates $186m for failing to sufficiently address sanctions and money-laundering shortcomings flagged by the US central bank.

Last Wednesday, the Federal Reserve Board issued a $186m fine to Deutsche Bank AG and its New York branch for failing to fix “unsafe and unsound banking practices” that the bank had promised to remedy as long ago as 2015.

The bank may face additional penalties if it doesn’t fix its outstanding issues, the Fed said.

According to the Fed, the bank violated its agreements under consent orders it had signed in 2015 and 2017 (featuring a $99m fine, collectively) regarding shortcomings in its sanctions compliance and anti-money-laundering (AML) controls. 

At the time, Deutsche entered legally binding commitments to fix the problems; in the latest consent order, the Fed concluded the bank had “made insufficient progress in its remediation efforts.”

Compliance risk

Deutsche was still “exposed to heightened levels of compliance risk without sufficient internal controls, including the risk of failing to detect money-laundering activity or US sanctions violations,” the bank regulator said.

In response to the new consent order, the bank issued a statement calling its adherence to the older enforcement actions “historic tardiness,” but it described progress it nonetheless had made in enhancing the effectiveness and size of its global Anti-Financial Crime team by more than 25% to more than 2,000 employees.

The Fed’s New York branch conducted a series of examinations and reviews and found that, since 2018, the bank had made insufficient progress in its remediation efforts with respect to compliance oversight, customer due diligence, transaction data, transaction monitoring and filtering, suspicious activity reporting, and facilitating independent third-party reviews.

More specifically, the Fed also said that Deutsche Bank and its fully owned subsidiary Deutsche Bank Trust Company Americas (DBTCA) lacked adequate Bank Secrecy Act internal controls during their relationship with Danske Estonia.

Due to these failures, Deutsche Bank and DBTCA failed to mitigate sufficiently the significant risk associated with the customer, despite consistently high customer risk ratings for Danske Estonia, high levels of suspicious activity reporting associated with Danske Estonia’s clients, and serious risk concerns about Danske Estonia expressed by senior bank compliance personnel as a result of their customer due diligence efforts, the Fed said.

In October 2015, on its own initiative, DBTCA terminated the Danske Estonia relationship and Deutsche Bank started to address these deficiencies and manage these risks, the cease and desist order notes. The bank must further advance these remedial efforts by prioritizing the following, it said.

  • Improving the systems and data that support the business’s AML transaction monitoring, especially for higher-risk business lines.
  • Ensuring systems and data have been assessed so that any gaps in its data analytics capabilities are identified (e.g., reducing the number of false positives).
  • Implementing a customer due diligence program that can adequately perform such diligence for medium- and high-risk clients.
  • Establishing a framework for transaction monitoring that effectively identifies AML risk, with appropriate alerts and investigative processes in place that can help identify and report suspicious activity.

It also instructs Deutsche Bank’s board of directors to “take steps to ensure the allocation of adequate financial, staffing, and managerial resources to fully comply” with the Fed’s orders.

Global regulators show concern

The Fed is not the only regulator watching Deutsche Bank for its rate of improvement regarding its internal controls. In November, Germany’s Federal Financial Supervisory Authority, known as BaFin, threatened to fine the bank if it missed deadlines for fixing its money-laundering controls.

As per an order from that regulator, the lender was already employing a special monitor from the global audit firm KPMG to oversee its internal controls.

And the bank has had its share of troubles with risk controls and monitoring lapses in areas outside sanctions and AML.

In 2015, US and British authorities fined Deutsche $2.5bn, accusing it of obstructing regulators and ordering it to fire several employees in the eighth global settlement of alleged benchmark interest rate rigging that swept the global banking industry at the time.

In 2016, the bank reached a $7.2bn deal with the Department of Justice to settle allegations of the mis-selling of mortgage-backed securities, a scandal that engulfed other banks at the time and featured billions of dollars in fines.

In 2021, the bank agreed to pay $87m to the Justice Department in criminal penalties, disgorgement, and other costs; plus another $43.3m in disgorgement and interest to the Securities & Exchange Commission to avoid prosecution on charges that it manipulated precious metals markets and committed foreign bribery in contravention of the US Foreign Corrupt Practices Act.

Leadership pay & changes

Deutsche Bank announced in March that its chief executive, Christian Sewing, was going to take a hit in terms of his annual bonus after the bank’s supervisory board determined the lender had not reached certain milestones in terms of improving its internal controls.

The board decided to cut $1m from total executive pay for 2022, a reduction that affected 10 of the bank’s most senior staff.

The board and its chair, Alexander Wynaendts, said in that year’s annual report that the extended timeline and re-planning in certain areas needed to be recognized in the management’s compensation, as the bank had admitted it failed to meet some of its own governance targets.

Deutsche Bank recently named management board member Stefan Simon, who oversees regulation and compliance, to succeed Christiana Riley as the head of American operations.

Riley joined the bank in 2018 and is credited with spearheading the bank’s growth in the United States. She is now regional head of North America operations for Santander Bank.

Simon’s appointment is the first time that the lender’s highest-ranking compliance official will be based in the United States, and Deutsche said that a focus for Simon will be meeting regulatory requirements and establishing “a state-of-the-art risk and controls culture”.

Deutsche Bank’s challenge

Deutsche Bank continues to make headlines for all the wrong reasons, and it’s not for a lack of resources devoted to remediating the issues, as noted above.

Did complacency set in, since the lender ended the first quarter of this year with its twelfth straight quarter of profit after the completion of a sweeping restructuring plan that began in 2019?

(Its revenue at its investment bank division likely dropped by at least 15% in the second quarter from a year earlier, though; Deutsche’s chief financial officer said as much in June at a financial conference.)

Since Deutsche Bank exited the relationship with Danske Estonia in 2015 – the one involving “high-risk customers” – it is at least a promising sign that some of the issues mentioned in the Fed’s enforcement action have already been addressed. (Basically, Danske Estonia was a haven for Russian oligarchs the bank never should have transacted with after conducting due diligence – or rather, enhanced due diligence, given the extra risk these persons posed.)

As noted above, regulators are expecting to see more improvements in the systems and data the bank uses for its suspicious activity reporting; the completion of a customer due diligence program as outlined in the Fed’s 2017 enforcement action; and a framework for effective transaction monitoring, which was also outlined in the 2017 order.

So, the lender is making improvements, but not nearly quickly enough. The executive leadership team and board must make these remediation goals a top priority, directly linking their completion to the bank’s ongoing profitability goals.