Compliance officers are “fundamental to protecting the security of our financial institutions,” but too often those institutions are guilty of treating the function or afterthought. That was the blunt assessment offered by Deputy Attorney General James Cole during a speech at the Money Laundering Enforcement Conference in Washington, D.C. on Monday.

“Compliance officers are critical to protecting both a bank's reputation and its bottom line,” he said at the event, sponsored by the American Bar Association and American Bankers Association. “They're essential when it comes to preventing criminal activity – and if that effort is not entirely successful, detecting and reporting such conduct.”

Cases, such as the LIBOR manipulation scandal, were not isolated incidents involving rogue traders, they were institutionally pervasive, Cole said. The list of other compliance failures trespasses is a long one: the circumvention of sanctions against Cuba and Iran; violations of the Bank Secrecy Act; mortgage origination fraud; anti-trust violations; tax violations involving off-shore accounts; discriminatory lending practices; and manipulation of foreign exchange rates. Financial institutions have agreed to pay about $17 billion in settlements with law enforcement and regulators in the United States this year alone. 

Companies regularly argue during negotiations with the DOJ that they have taken various steps to set the right tone at the highest levels of their institutions. “But based on what we have seen, we cannot help but feel that the message is not getting through often enough or clearly enough,” Cole said. “Despite years of admonitions by government officials that compliance must be an important part of a corporation's culture, we continue to see significant violations of law at banks, inadequate compliance programs, and missed opportunities to prevent and detect crimes... Labeling certain behavior ‘shameful' after being caught is simply too little, too late.”

That's where the DOJ's focus on compliance comes in. When deciding whether to prosecute an institution for the actions of its employees, it evaluates the message bank management and supervisors give to employees in the context of their day-to-day work, Cole said. That includes a review of emails and recorded phone calls, and talking to witnesses in order to determine what messages about compliance have been conveyed, or, conversely, what encouragement they may have received to exploit any possible edge to make money. 

“We examine the incentives that banks provide their employees to either cross the line, or to exhibit compliant behavior,” he added. “If a financial institution wants to encourage compliance – if its values are not skewed towards making money at all costs – then that message must be conveyed to employees in a meaningful and effective way if they'd like Department to view it as credible.  To have an effective compliance program, we expect banks to put in place procedures to detect problems, and proactively utilize those procedures without waiting until the government comes knocking at their door with a subpoena.” 

A “culture that breeds violations instead of a culture that encourages compliance,” will draw unwanted scrutiny, Cole said. Conversely, “the benefits of having a strong compliance program can go a long way toward mitigating institutional liability.”

“When we see compliance programs that are not comprehensive, or are not funded, or lack sufficient resources to be effective, we cannot give them credit,” he said. “Businesses need to create a culture of compliance.  To do this, compliance programs must be real, effective, and proactive… If we see illegal conduct at a number of the bank's business units, the old saw of ‘It's an isolated instance of bad actors in a single business unit, the institution as a whole should not be held accountable' won't cut it.”

Topics