10 Nov 2016
Julie Copeland and Mirella deRose of international law firm Lewis Baach consider the implications for company board members of a recent AML action against Capital One.
Recent anti-money laundering enforcement actions against major U.S. financial institutions have placed boards of directors front and center in the management and oversight of their institutions’ Bank Secrecy Act and other anti-money laundering (“BSA/AML”) programs. Indeed, the enforcement actions have routinely imposed upon each board the responsibility to “ensure” that their institution “achieves and thereafter maintains” compliance with the conditions imposed on the institution in connection with resolution of the action.
What kind and detail of information should a board require and review to fulfill its BSA/AML compliance oversight obligations? A recent decision by the Court of Chancery in Delaware in a shareholder’s derivative action against Capital One Financial Corporation (“Capital One”) and its board for breach of fiduciary duty with regard to Capital One’s AML program is instructive. In this case, the Court dismissed the plaintiff’s complaint for failure to establish that the board consciously allowed Capital One to violate BSA/AML statutory requirements. But the fact of the suit highlights a new and serious liability risk inherent in board membership, and the Court’s decision underscores the fine line walked by boards of directors who are executing their BSA/AML compliance-related responsibilities.
In July 2015, Capital One entered into a Consent Order with the OCC, which had found that Capital One “failed to adopt and implement a compliance program that adequately cover[ed] the required BSA/AML program elements due to an inadequate system of internal controls and ineffective independent testing.” In November 2015, under a provision of Delaware law, the plaintiff requested the bank’s books and records. He commenced his derivative suit thereafter.
The plaintiff alleged, inter alia, that the bank’s board of directors breached their fiduciary duty and unjustly enriched themselves by “consciously disregarding” their responsibility to oversee Capital One’s compliance with BSA/AML statutory requirements. According to the Court’s opinion, the plaintiff’s central allegation was that the board consciously “ignored red flags” demonstrating the statutory inadequacy of Capital One’s compliance program relating to services Capital One provided to clients—especially those engaged in check cashing, a business that poses “inherent risk for money laundering.” The plaintiff’s claim was based on a number of compliance and audit reports presented to the board between 2011 and 2015 containing these “red flags.” According to the plaintiff, the reports should have triggered some “type of [independent] compliance check,” and the board’s failure to carry out such a check justified the reasonable inference that it consciously disregarded its duty to implement internal controls required by BSA/AML regulations, thereby breaching its fiduciary duty to the bank’s shareholders.
The various reports relied upon by the plaintiff described for the board Capital One’s increasing AML risk and the steps management was taking to address it. The plaintiff claimed that negative information in the reports should have prompted the board to take action. This information included increasing AML risk due to the banking of check cashing businesses, the high-risk nature of Capital One’s products and services, and controls that were operating ineffectively and the resultant need for “robust procedures, well-trained associates and a strong management review function to comply with FinCEN and bank regulators’ expectations”.
The Court, on the other hand, viewed this negative information and the fact that each report contained management’s prevailing or proposed responses to the issues outlined as “flags of a different hue, namely yellow flags of caution concerning the Company’s escalating AML compliance risk that was occurring in tandem with heightened regulatory scrutiny in the financial services industry.” The reports relied upon by the plaintiff, according to the Court, explained to the directors in considerable detail the Company’s heightened compliance risk and the initiatives that management was taking to ameliorate that risk. Adding that BSA/AML issues were also discussed during committee meetings, the Court held that because the bank’s management was making efforts to comply with BSA/AML regulations and regularly kept the board of directors informed of its efforts along the way, the board did not consciously allow Capital One to violate its regulatory requirements so as to sustain a finding that it acted in bad faith.
Although the standard for finding a board of directors in violation of their fiduciary duty is a high one (and probably could not have been met in this case), this decision illustrates the level of detail boards should be receiving regarding an institution’s BSA/AML program. The Capital One board received regular reports that described problems with controls and hiring as well as problems with addressing customer identification concerns in a timely fashion. The board also received internal audit reports that warned of the potential negative consequences of the bank’s failing to mitigate AML risk. Both the board and management took actions in response to these reports, including recommending changes to the Company’s AML policy. Management presented details about how they were addressing and planning to address the BSA/AML deficiencies outlined in the reports, including monthly training, quarterly internal audits, designating a new Chief AML Officer and other initiatives responding to the changing regulatory environment.
At a minimum, the court’s searching examination of what information and assurances the board received and how it responded strongly suggests that board members cannot afford to be passive observers of a company’s BSA/AML program. As bank regulators have stated and as this case demonstrates, the board’s role is to review and require detailed information to “ensure” that an institution’s BSA/AML program lives up to statutory expectations.
 In the Matter of CITIGROUP, New York, New York, OCC Consent Order, April 5th, 2012; In the Matter of JPMorgan Chase Bank, N.A., Columbus Ohio et al., OCC Consent Order, January 14, 2013; In the Matter of Capital One, N.A., McLean, Virginia, OCC Consent Order, July 10, 2015.
Count reading this article to your CPD minutes, by signing up to our CPD WalletFREE CPD Wallet