Motive, means and opportunity.
Those are the three elements that criminal prosecutors look for, when setting up a criminal conviction.
In a case involving BNP Paribas (BNPP) — the largest bank in France and the fifth largest in the world — prompting US$8.97 billion in fines and a guilty plea to a criminal charge in a Manhattan federal courtroom, there was abundant motive, means and opportunity.
Published by the US Department of Justice, the Statement of Facts signed by BNPP at the time of the settlement not only describes the regulatory view of the bank’s criminal activity, but also provides a detailed picture of the the goings-on inside the bank which clearly violated the trust of regulators and investors through intentional compliance and operational mismanagement. The means: transporting misleading bank payment messages through the international network operated by SWIFT.
BNPP was penalized for violating US laws prohibiting three sanctioned countries — Sudan, Iran and Cuba — from doing business in the US financial system, and explicitly forbidding financial institutions from assisting them with US dollar-based transactions. The motive that BNP Paribas faced was related to well-established, large and highly profitable relationships with entities in these countries, including heavy activity in dollar-based transactions. Rather than strictly follow the US regulations, BNPP attempted to skirt the law. It did so successfully for about ten years.
The ultimate risk the French banking giant took is obvious from the cost of the settlement it was forced to accept against the threat of losing its license to operate in the US. It’s a massive punishment that reportedly is not related to the illicit profit made, but rather the seriousness of the crime, which was deliberate masking of the underlying beneficiaries of billions of USD transactions moved through BNP Paribas’ New York office and later through “cover” accounts with JP Morgan Chase — identified in the criminal trial — and other unnamed “satellite” US banks. What BNPP knew about its liability and when senior-level officials recognized it is a major factor in the case, because it provides a timeline for institutional conspiracy.
The relationships with the entities in the US-sanctioned countries were apparently so valuable to BNPP that the conspiracy involved not only executive management, compliance officers and back- and front-office staff, but collaboration with clients in the masking techniques. Therein lies the opportunity — those steering the ship looked the other way.
Only BNPP’s New York branch might be considered blameless or the least culpable, as the gameplan was structured to keep these transactions from being flagged by software and staffers in NY that would identify illegal transactions. The fact that it went on for so long with relatively minor — or at least ineffective — regulatory attention speaks for the wall of silence around the operation, while documents provided to the investigation by BNPP show active planning, reminders to clients and staff, and quashing of compliance concerns.
Subverting SWIFT
Hiding the identity of entities in US-sanctions nations who were sending or receiving dollar payments was the means BNPP employed to avoid the attention of US regulators — as well as their own New York office through which any BNPP-originated payment would ordinarily clear. So BNPP went to work on the payment instructions sent through the SWIFT network.
Information in SWIFT’s payment messages should include the amount of money to be transferred, the sender, the recipient and the ultimate account holders. The message headers may only identify the sending and receiving financial institutions, but the identities of the underlying account holders are typically incorporated in other message fields. According to the records of BNP Paribas’ enforcement action, the bank avoided being flagged in the US and elsewhere by obscuring the names of the underlying account holders by either altering them or replacing them with “Unknown.” Such flagging often takes place through a combination of software and manual oversight — aka further investigation — of any names which are highlighted as being suspect or “high risk.”
No one blames SWIFT for what happened. “SWIFT can’t alter the way the messages are structured to prevent them from being used fraudulently,” says Aaron Kahler, managing director of AML Compliance Advisors, a New York- based regulatory compliance and staffing firm.”Banks have to set up more rigorous procedures and rules to eliminate such a scenario from taking place.”
Just who specifically ordered the SWIFT message types to be illegally changed has not been publicly disclosed, but based on court documents the tampering occurred outside the New York office. The Paris, Geneva, Rome, Milan and Singapore offices were specifically mentioned in BNP Paribas’ settlement agreement.
“The structure of the SWIFT message payments is pretty basic and it isn’t difficult to hide the identity of the actual sender or receiver of the monies,” says Joe Bognanno, principal of AML Solutions for Nice Actimize, a New York based financial crime and compliance software vendor. “Doing so makes it more difficult to match up whether an individual or entity is designated in a US Office of Foreign Asset Controls (OFAC) list or any other government list of prohibited countries.” The OFAC unit of the US Treasury administers economic and other sanctions based on US foreign policy and national security goals.
The unscrupulous message altering technique only went so far to hide the US-sanctioned clients’ identities. The BNPP New York office caught several questionable transactions and sent them back to the originating BNPP office, as did other banks. To further mask the transactions, BNPP went on to a new level of disguising the transactions.
Taking cover
Although BNPP reportedly did not previously engage in correspondent banking activities, it used JP Morgan Chase and possibly other US banks with foreign offices to enable a scheme of “cover” accounts for hiding the real senders and beneficiaries of the transactions. Through delegating the payment instructions and shifting funds through bank-to-bank transactions, the identities of the underlying account holders would disappear from the payment instruction. Since other bank would clear the dollar transaction in the US, BNPP would have no further presence beyond being the US banks’ “client.’
JP Morgan Chase ended up being the go-between from 2004 until 2007 for payments involving Sudanese entities and until 2010 for payments involving Cuban entities. It is unclear why JP Morgan didn’t catch onto BNPP’s wrongdoing and JP Morgan has declined to comment.
Wire transfer experts at unrelated banks tell FinOps Report that given the large number of transactions which likely pass through JP Morgan’s wire department in New York daily, it would be difficult to catch without continual monitoring — often manual– and JP Morgan might be unaware of BNPP’s scheme. There has been no mention in the court documents of whether JP Morgan knew that it was participating in a conspiracy to avoid US sanctions against the ultimate clients.
Deaf Ears
Ther is no question that BNPP’s interest in continuing to serve clients in US-sanctioned countries — and profit from their services — was the key motivating factor in their attempt to avoid US law, and the collaboration of their compliance officials who looked the other way was part of that. However, their understanding of their regulatory liability is not so clear, at least in the earlier years of the conspiracy.
BNPP branch offices outside the US initially forwarded payments on behalf of clients in US-sanctioned countries through its New York office to their rightful recipients. When bank became concerned in 2004 that it could face the wrath of US federal and state banking regulators who appeared to be getting suspicious, it consulted the law firm of Cleary Gottlieb for advice. Cleary Gottlieb reportedly told BNP Paribas it wouldn’t face legal penalties, if the payments were sent to the end recipients through other satellite banks, rather than through the BNP Paribas New York office. In the spring of 2006 Cleary Gottlieb reportedly changed its tune, warning BNP Paribas of dire consequences in using another intermediary or satellite bank in payment.
JP Morgan might have gotten an initial whiff that something was amiss, according to court documents, when in 2006 it rejected accepting some payments citing Cuban entities as senders of the funds. So did the BNP Paribas New York branch. That is when a Paris-based attorney for BNP Paribas contacted a second law firm, Clifford Chance, for more advice. However, when Clifford Chance warned the BNPP compliance department that altering the SWIFT payment messages made them vulnerable to US enforcement action, the law firm was instructed to “suspend any further work” on the matter.
Government investigators found several attempts by BNPP compliance officers to convince the bank to stop their practices in attempting mask US dollar transactions to and from US-sanctioned countries. Their advice fell on deaf ears, and they were handed reassurances that senior management supported this practice.
As part of the settlement, BNP Paribas was forced to fire thirteen senior managers who played some part in the bank’s violation of US sanctions and falsification of transaction records. Among the thirteen are Stephen Strombelline, the bank’s head of ethics and compliance in North America. Thirty two more employees were either demoted or were hit with pay cuts, while twenty seven more left before being disciplined. BNP Paribas’ chief operating officer George Chodron de Courcel has announced he will leave the bank.
Takeways
The US enforcement agencies may not have yanked BNPP’s US banking license, but they did the next best thing. Beyond the US$8.97 paid tothe US Department of Justice, Federal Reserve, Office of Foreign Assets Control, and New York Department of Financial Services, the bank’s dollar-related business is essentially eliminated for a year. It cannot clear dollars from its Paris, Geneva, Rome, Milan and Singapore offices. A year might not sound like a long time, but major corporations which cannot transact in dollars through BNPP will have to go to other bank, and they may not come back when the year is over.
BNP Paribas isn’t the first bank to alter SWIFT’s payment messages, intending to make money by skirting US laws. Standard Chartered also did so and paid a fine of $350 million to the New York State Department of Financial Services two years ago. Other banks have also been subject to hefty financial penalties, but BNP Paribas’ is by far the largest and most severe.
BNP Paribas has issued a public statement of “deep regrets for past misconduct” from chief executive Jean-Laurent Bonnafe . The bank has also created a new department called Group Financial Security US as part of its group compliance function to be headquartered in New York. The department, according to the statement, will ensure that BNP Paribas complies globally with US regulations related to international sanctions. In addition, all US dollar flows for the entire BNP Paribas group will ultimately be processed and controlled out of the bank’s New York office. Bank officials won’t commen beyond that statement.
Other banks who may be still masking sender or recipients of payment messages in order avoid US sanction enforcement, or who think they may be inadvertently clearing these payments should take note of BNPP’s punishment. The US regulators clearly mean their draconian penalty to deter others.
“With regulators now insisting that banks verify the identity of senders and receivers of funds, it might be advisable for banks to require their wire room staffers to attest they have actually checked against OFAC and other lists,” says Bognanno. “It would certainly raise the stakes of responsibility and accountability.”
As shown by the BNPP case, simply giving responsibilities to staff isn’t enough, if they aren’t educated about the operational objectives and associated risks, like exposure to criminal charges. At BNPP, it appears that compliance offers are taking the brunt of the firings and demotions, and individuals may still face criminal charges. It looks like an clearcut case in business controlling regulatory compliance rather than vice versa, with the true responsibility for criminal non-compliance landing somewhat higher on the corporate ladder.
Doubting Thomas says
The transactions weren’t done in Euro’s, they were done in USD. Guilty!
George Battikha says
Actually the mistake is to leave the US Dollar and the American diplomacy dominate the world, what if the operations were done in EUROS?
We have seen what the American Diplomacy has done in the whole world from the far east to the middle east, they destroyed several countries and they are responsible for thousands and thousands of death under the flag of democracy,
See their democracy in Iraq, Afghanistan Yemen Libya Sudan Syria and several others….but at least they are democratic now.
The Euro should dominate, and that is it.