The New York Department of Financial Services has fined Mega Financial Holding, one of Taiwan's biggest banks, $180 million for the failure of its New York branch to guard against money-laundering, especially in respect of the 'country risk' posed by Panama.

The Taiwanese Government runs Mega, according to Reuters. Bloomberg, meanwhile, reports that (through its subsidiaries) the holding company accepts deposits, issues financial debentures, provides medium and long term loans to enterprises and provides brokerage, dealer and insurance services. The chairman is Hsu Kuang-Hsi and the president is Wu Han-Ching.

The consent order says that examiners visited the branch in the early part of 2015 to look at its risk management, operational controls, compliance and asset quality. It had tasks outstanding from a previous regulatory visit. Their findings, in their own words, were 'troubling.'

Five areas of deficiency

Firstly, they found that the position of the Taiwanese AML/Bank Secrecy Act officer lacked adequate knowledge of the Act and the rules laid down by the Office of Foreign Assets Control and the US Treasury. It is revealing that the contravention of rules no longer seems to be the only thing that the NYDFS thinks is unacceptable: the order also says that the examiners were worried that the chief compliance officer (a different person from the AML officer) did not know enough about 'supervisory expectations' that related to these rules.

Secondly, NYDFS examiners took issue with the company's structure. The visitors were, for example, displeased to find that the company was not spending money on separate personnel for its compliance function. The branch's deputy general manager and IT security officer was also the chief compliance officer. The examiners believe that this is why he devoted insufficient time to his compliance-related duties. Similarly, the BSA/AML officer was also the operations manager of the business division. Both received inadequate compliance training. The OFAC officer, meanwhile, was also the operations manager for the foreign correspondent banking division. The NYDFS believes that this confusion of jobs led to conflicts of interest, although the order fails to name any rules that the bank has broken in this way.

Thirdly, there were IT deficiencies aplenty. The visitors noticed that compliance people - either in the branch or at head office - failed to review surveillance monitoring filter criteria and thresholds from time to time. When they asked managers at the branch why they had chosen this-or-that criterion or key word to detect suspicious transactions, answer came there none. Some documents remained "untranslated from the Chinese language" (the NYDFS does not say which one of China's 80 languages it means by this) and this is a problem. The order, however, does not say why - perhaps New York's AML laws require banks to use software that can only detect suspicious transaction information in English and not in any other language. On the other hand, the NYDFS mentions elsewhere that its regulators can only examine things effectively if they are in English, so this might be a mere regulatory 'gripe,' unrelated to any rule.

Fourthly, the regulators took issue with the way the branch handled its suspicious activity report (SAR) caseload. Compliance staff did look at all alerts but were lax in recording the reasons for the decisions they made while investigating them, including decisions about whether to send SARs off to the Internal Revenue Service database in Detroit.

Fifthly, there were inconsistencies between policies and procedures for the business division and the correspondent banking division, inconsistencies concerning transaction monitoring, customer on-boarding and OFAC compliance, and badly written guidelines for background checks on new customers, especially 'politically exposed persons' or PEPs, which bore little relation to federal rules. It is not known why the NYDFS cares about federal rules, or indeed about anything federal.

The New York branch, moreover, did not determine whether Mega Financial Holding's overseas affiliates were following adequate AML processes. It did not follow up on account activity and transactions that did not fit those affiliates' profiles. Its internal AML training on this subject was also poor.

The Panama payments

The biggest deficiency of all stems from the fact that Mega International has branches in Panama City and the Colon free trade zone. The volume of business between Mega International's New York branch and the Colon free trade zone came to $3½ billion in 2013; that between New York and the Panama City branch came to $4½ billion in 2014.

The Panama Papers, covered elsewhere in our web pages, marked the jurisdiction out as a highly risky money-laundering centre, although the Financial Action Task Force, the world's AML standard-setter, said in February that Panama had made significant progress in improving its AML regime and that it would therefore cease to 'monitor' it, whatever that meant. The NYDFS, inspired by the Panama Papers, therefore believes that the bank should have treated every transaction between Panama and New York as a matter of high alert; this it did not do.

The NYDFS, moreover, believes that it might have uncovered some signs of Panamanian money-laundering. 'Mega New York' acted as an intermediary paying bank in connection with suspicious and unusual 'debit authorisations' (or payment reversals) received from its Panamanian branches that reversed wire payments processed on behalf of various remitters. Some of the account numbers were 'closely ranged,' as though created off a roll. When the NYDFS asked New York branch staff to explain this, they fudged.

The bank authorised some debits when the Colon branch closed some Panamanian 'beneficiary accounts' identified in the underlying transactions because of inadequate know-your-customer (KYC) information. Most of these accounts were open for less than two years and some for less than one. The remitters and beneficiaries associated with many of the suspicious payment reversals had the same identities. In some cases, the original payment instructions were sent months after the 'beneficiary accounts' had been closed.

The beneficial owner - unnamed in the consent order - of a company that had an account at the Colon branch has been the subject of bad publicity. The NYDFS claims that he or she was "linked to violations of US law concerning the transfer of technology." To this day, Mega International refuses to give the department the details of its 'due diligence' regarding his or her account, despite having been asked more than once.

It's head office's fault!

Mega International Head Office, situated in Taipei, comes in for a roasting as well. Not only did it send out a BSA/AML officer to New York without training him properly; it also failed to keep an eye on the New York compliance function. It did not receive the minutes of that function's quarterly meetings (indeed, minutes were sometimes not kept) and those minutes did not contain enough information about the compliance environment or indeed any information about SARs. Again, the NYDFS complains about some documents - the nature of which remains a mystery - which it would have liked Head Office to have translated into English.

Cheek is the worst policy

When it received a list of these shortcomings in February this year, the bank threw the NYDFS into turmoil by refuting some of them. Most maddeningly for the regulator, it declared that certain types of activity were not suspicious and that "there is no AML regulatory guidance related to filing [i.e. sending off SARs] on these types of transactions...and that therefore such transactions do not constitute suspicious activity." One cannot help wondering what this obviously heavily edited passage said in context. The NYDFS, moreover, states in the consent order that the bank's assertion is "a complete mis-statement of well-established BSA law" without mentioning a single section or case to prove its point.

The order also states that the bank has not acted at all quickly to remedy the shortcomings that the regulators had uncovered.

A list of offences

The NYDFS states in the consent order that Mega International broke 3 NYCRR s116.2 by failing to keep up effective AML and OFAC compliance. It failed to make documents available that pertained to all transactions, thereby breaking the New York Banking Law s200-c. It also failed to send the superintendent a report as soon as it discovered fraud, dishonesty, the making of false entries and the omission of true entries and other misconduct. This was against 3 NYCRR s300.1. In the consent order the bank agrees never to try to obtain any tax deduction for the $180 million fine (such deductions, perhaps surprisingly, being common in Europe).

The inevitable independent monitor, who must by now have been appointed, is commanded in the order to undertake a review of Mega New York's US dollar clearing transaction activity to see whether anything went through that contravened the OFAC regulations or constituted suspicious activity involving highly risky customers. More cases might be on the way.