The key compliance challenge of the modern investment bank is to convince employees that their electronic communications are being monitored. The big bank fines and scandals of the post-crisis era are about stupid e-mails and electronic chats. The conduct was vague, ambiguous, hard to prove; the proof of nefarious intent came from all the dummies chatting with each other to the effect of “bro lets ilegally manipoolate libor lol.”
Today “Credit Agricole SA agreed to pay $787 million to U.S. regulators and enter into a deferred prosecution agreement with the Justice Department to resolve allegations the French bank violated sanctions aimed at Iran and Sudan.” Superficially, this might look like another dumb e-mail case:
One client, who referred to the crisis in the Darfur region of Sudan as “an exaggeration in the media,” urged the bank to continue processing payments connected to that country. In some transactions, a Sudanese bank client would send the following request to Credit Agricole’s Geneva subsidiary: “DON’T MENTION SUDAN ON THIS PAYMENT ORDER.”
IF YOU WANT TO KEEP IT SECRET, BE SURE TO PUT IT IN ALL CAPS.
But the sanctions cases — Credit Agricole is the latest, but HSBC, Standard Chartered, ING, Commerzbank and BNP Paribas have collectively paid more than $11 billion to settle sanctions violations charges — aren’t like Libor or FX rigging, where the key question is intent and where a few ungrammatical bad apples did things never dreamed of by their compliance officers. In sanctions cases, the key issue is just the fact of the violation (moving money for Iranian or Sudanese clients), and e-mails proving intent aren’t that important. And Credit Agricole’s aggressive business people weren’t scurrying around furtively hiding their illegal trades from their compliance officers. They were just doing what the compliance officers told them to. From today’s New York State Department of Financial Services consent order:
Both compliance and business professionals at the Geneva Subsidiary directed, processed and oversaw these U.S. dollar transactions with the mentality that “[u]nder the territoriality of the laws principle, our Swiss activities are only subject to [laws] in force in Switzerland and not those in force abroad.” Indeed, written economic sanctions directives from the Geneva Subsidiary’s compliance managers that were in place throughout the Review Period assured staff that, with respect to U.S. dollar transactions, “the effect of the OFAC [SDN] list does not have any reach (outside of the United States).”
And here’s how the DFS describes the workings of Credit Agricole’s Geneva anti-money laundering committee:
In addition to intentionally omitting information to identify sanctioned Sudanese parties on payment messages, the Bank’s Geneva employees were also encouraged to complete these otherwise illegal U.S. dollar transactions using a method fabricated by the Anti-Money Laundering Committee (“CLAB”) of the Bank’s Geneva Subsidiary, known internally as the “Sudanese U-turn.” In reality, no U.S. law or regulation ever permitted such an exception to otherwise prohibited transactions with sanctioned Sudanese parties by use of a two-stepped non-transparent “Sudanese U-turn.” Still, with no legal basis, “the Committee decided that [Sudanese] ‘U-TURN’ transactions are authorized when the underlying reason (for the transaction) is strictly limited to commercial transactions.”
So it was more of a … more of a pro-money laundering committee, then? Like: Doing “two-stepped non-transparent” transactions to disguise the source or recipient of the money is pretty much the definition of money laundering.
And it wasn’t just a rogue Swiss subsidiary.
Here’s what was apparently the official policy for dealing with Iran:
Similarly, written policies and procedures directing employees to omit information that would identify Iranian parties to U.S. dollar payments processed by the Bank were drafted by a relationship manager dealing in Iranian business and approved by CASA Compliance in Paris. These “special treatment” procedures acknowledged the operational risk for conducting these transactions in violation of U.S. laws and regulations, but allowed nevertheless that “our bank has been dealing with these [Iranian] counterparts for over 14 years and in line with market practice and as customary to all our competitors in this market, we have been routing USD payments in the manner specified below in order to prevent funds being seized by the US authorities. The various departments involved in this process, i.e. front, middle and the back office, are aware of this special treatment as procedures have been implemented to cover this aspect of operational risk. The matter has also been passed through compliance and Legal to ensure that all aspects are covered… The method for [U.S. dollar] payments is as follows: no mention of Iran is made on this instruction.” (emphasis added).
Notice the second boldface bit: Omitting the names of the sanctioned countries wasn’t just a clever innovation by some rogue traders. It was the official policy, approved by compliance.
But notice the first boldface bit! Why do people follow the law? Mostly they follow the law because it mostly coincides with their moral beliefs. Or they follow the law because they feel, as citizens, a sense of obedience to the law itself. Or they follow the law because they don’t want to be punished for breaking it. But Credit Agricole’s relationship to U.S. sanctions law was none of those things. Credit Agricole just didn’t want the U.S. to seize its money. Credit Agricole looked at the U.S. sanctions authorities, and it saw pirates.
And you can sort of see its point of view.
A Swiss subsidiary of a French bank wanted to do business deals in Sudan and Iran. Those deals seem to have been legal under Swiss, and French, and Sudanese and Iranian law. The only glitch was that some of those deals were done in dollars, and if you do deals in dollars you have to pass through the U.S., and if you pass through the U.S. you are subject to the — to Swiss/French/whatever eyes — arbitrary whims of U.S. foreign policy. Felix Salmon noted the broad reach of U.S. sanctions enforcement back when BNP Paribas was still negotiating its ($9 billion) settlement:
France’s politicians are outraged, saying that they cannot see what BNP did wrong; the case is even being raised at summit level. Not that squealing will do any good. The Americans have tasted blood and they shall have their victory. After all, if there is one argument that never works with the US, it is that the behaviour in question was perfectly fine under domestic law.
And:
America is using its banking laws not to make its financial system safer, nor to protect its own citizens from predatory financial behaviour, but rather to advance foreign policy and national security objectives.
Those policies and directives from Credit Agricole compliance weren’t just, like, mistakes. These were people in countries where it was legal to deal with Iran and Sudan, whose competitors dealt with Iran and Sudan, who saw dealing with Iran and Sudan as normal, who were not Americans, who had no loyalty to U.S. foreign policy, and who saw the U.S. ban on dealing with Iran and Sudan as a regrettable foreign irrelevancy that really ought to be avoidable with some careful structuring. Or careful labeling, anyway.
At the same time, I mean, it is not impossible to see what Credit Agricole did wrong here. It’s pretty easy! The DFS really knows how to write a consent order, and hoo boy does this sound bad:
The Bank acquiesced to its clients’ requests to continue to engage in sanctions violations on their behalf. One such client, which described the crisis in the Darfur region of Sudan as an “exaggeration in the media,” urged the Bank to continue to process U.S. dollar payments related to Sudan anyway. The client averred that “whilst one must not underestimate the humanitarian cost of any conflict [in Darfur],” it would nevertheless be a “great pity” for the Bank to “throw [ ] away” its position “as a serious player in the financial markets” in Sudan during “a period of vastly improved economic prospects brought about by the discovery of oil” in the region.
Nice oil lending business you’ve got there, it’d be a pity if you gave it up just to avoid financing genocide.
I exaggerate: I don’t see any actual allegations that Credit Agricole actually financed genocide, or the Iranian or Sudanese regimes. The Justice Department says that “nearly all of the bank’s violations involved Sudanese business organizations,” and for all I can tell, maybe it was financing legitimate civilian businesses that made life better in Sudan.
Still, the point we are meant to take away from that Darfur discussion is that global banking is a competitive, amoral business, and that without a strong and upstanding culture of compliance, banks will cynically break the law to fight for market share. Which is probably about right! But Credit Agricole had a compliance culture. The problem wasn’t that Credit Agricole didn’t believe in following the rules. It’s that it didn’t believe in the legitimacy of the U.S. making the rules for the rest of the world.
How do you fix that? I suppose there is some soft answer in which diplomacy and regulatory harmonization lead all big international banks to buy into the same baseline set of norms about which countries should not be financed, and then upstanding bankers just stop doing business in those countries, whether in dollars or euros or rubles or whatever. But the other approach, in which the U.S. uses its authority over dollar transactions to extract massive fines from foreign banks for violating U.S. law, probably works too.
Here’s the Department of Financial Services news release. Credit Agricole is paying $385 million to the DFS, $90.3 million to the Federal Reserve, $156 million to the Manhattan District Attorney and $156 million to the Justice Department, but the DFS order has the most detail, and the DFS is the best agency at boldfacing bad facts. The bank also entered into deferred prosecution agreements with the Manhattan and federal prosecutors. (Credit Agricole agreed to a $329.5 million penalty from the Treasury’s Office of Foreign Assets Control, though that was considered satisfied by its other payments.)
The Geneva subsidiary that did this stuff is made up of “Crédit Lyonnais (Suisse) S.A., Crédit Agricole Indosuez (Suisse) S.A., and Crédit Agricole (Suisse) S.A.,” according to DFS.
Not even the punishment one, tant pis.
Though of course some weren’t, leading to this hilarious shrug from compliance:
The Bank’s Geneva compliance staff, which is in charge of all sanctions compliance for Geneva, noted passively that despite U.S. sanctions, the fact that Sudanese entities had letters of credit with the Bank “opened in USD [made it] no longer possible (or very difficult through an amendment to which all the parties adhere!) to change the currency when the payment becomes due. This seems to explain why [a senior manager’s] recommendations [consistent with U.S. sanctions laws] were not accurately followed.”
If the deals were in euros they’d be fine. But, ah, it would be so much work to change the currency!
Or U.S. whatever policy. We’ve talked before about the possibility that U.S. prosecutors might punish banks for dealing with FIFA, because U.S. prosecutors have decided that FIFA was bad, and being banker to the bad is bad.
The Justice Department mentions violations of Cuba and Burma sanctions, in addition to Sudan and Iran ones.
21 OCT 20, 2015 5:46 PM EDT
By Matt Levine