- Industrial and Commercial Bank of China and its New York City branch will pay $30 million to New York’s Department of Financial Services to settle an investigation into several anti-money laundering and Bank Secrecy Act compliance deficiencies between 2018 and 2022, the department announced Friday.
- The Federal Reserve also issued an enforcement action and fined ICBC and its New York office roughly $2.4 million for the unauthorized use and disclosure of confidential supervisory information without the prior approval of the appropriate banking regulator.
- “Bank Secrecy Act and Anti-Money Laundering laws and regulations are critical national security protections, safeguarding financial markets and consumers from bad actors,” Superintendent Adrienne A. Harris said in a statement Friday. “Regulated institutions must be held accountable for failing to adhere to New York’s rigorous legal and regulatory standards.”
The Fed coordinated its investigation with NYDFS, the state supervisor of ICBC’s New York City branch. The penalties announced by the agencies add up to approximately $32.4 million.
The Beijing-based lender and its U.S. subsidiary have been subjected to a cease-and-desist order from the Fed since 2018 over significant shortcomings in the New York branch’s compliance with AML requirements and Office of Foreign Assets Control regulations in areas including corporate governance and management oversight, customer due diligence, and suspicious activity monitoring and reporting, the NYDFS consent order stated.
NYDFS and the New York Fed in 2022 conducted a joint review and found OFAC compliance at ICBC’s New York branch was adequate, but its BSA and AML programs needed enhancements.
Last year, NYDFS acknowledged that the New York office had shown “significant efforts toward enhancing its BSA/AML and OFAC compliance programs and successfully remediating all prior examination findings in those areas.”
However, a review also found that a former employee in 2015 backdated several compliance documents related to know-your-customer certification at the direction of a senior employee who allegedly knew certain certificates needed the employee’s signature in 2014.
According to the NYDFS report, the senior employee provided different dates in 2014 and asked the former employee to use those when signing the certifications.
“The former employee obliged, signing, backdating, and returning to the Bank signed copies of the Certifications for five different banking clients,” the NYDFS report said. “Although the Bank asserts that the backdated Certifications ultimately were not included in the banking clients’ KYC files, the conduct by the senior employee constituted a violation of the New York Branch’s obligation to maintain appropriate books and records pursuant to New York Banking Law.”
The department issued the $30 million penalty while noting the New York branch’s efforts to remediate the deficiencies pointed out in the consent order, including significant improvements in the AML and OFAC programs. The branch promptly responded and took measures to prevent such disclosures from happening again, the NYDFS said.
The department also highlighted a 2021 incident where the bank tried to transfer a U.S.-based ICBC employee to an overseas ICBC affiliate. The transfer required approval from a regulator where the overseas affiliate was located. The bank and the employee needed to complete a questionnaire that included details of any regulatory or disciplinary actions against the employee or the New York branch office. The bank’s internal counsel advised that responses about the ongoing investigation would comprise confidential supervisory information.
The bank devised proposed language and approached NYDFS, the Fed and the New York Fed to send it to the overseas affiliate’s regulator. But a few weeks later, the New York branch counsel learned that “without proper authorization from the Department and the FRB, the Branch sent the original proposed language and additional documents containing CSI to the Overseas Affiliate, which, in turn, sent the language and documents to its local regulator.”
The Fed’s order requires the ICBC to submit within 90 days a written plan to enhance internal controls and compliance functions related to the handling of CSI. The bank needs to adopt the plan within 10 days of the Fed’s approval. Then, within 30 days after the end of each quarter, the bank needs to submit a progress report on its reforms.
The NYDFS has also asked the bank to submit a status report detailing any updates on its AML compliance programs since the 2021 review and enhancements to the New York office’s customer due diligence programs — within 60 days of the consent report.
“As acknowledged by the orders, ICBC New York Branch has made significant efforts towards successfully remediating past weaknesses,” ICBC said in the statement seen by American Banker. “Compliance and risk management have been, and continue to be, a top priority for ICBC New York Branch. ICBC New York Branch is fully committed to meeting all of the requirements of the orders and to satisfying regulatory expectations.”