Anti-money laundering enforcement actions and their underlying investigations increasingly target compliance officers, seeking to hold them responsible when banks fail to play by the rules. Regulators could go further in facilitating compliance with AML requirements by crafting new language in enforcement actions that empowers compliance officers.

Compliance officers are a natural target for regulators because they know the rules and may even document risk issues in an effort to address them. In the context of an enforcement action, such documentation may be framed as an admission of guilt. Regulators may also find that the officer has been insufficiently forthcoming in the months before the government recognizes a serious AML violation. Moreover, the Bank Secrecy Act officer is typically presumed responsible for the AML program.

However, compliance officers do not unilaterally make resource, product, business model and other economic decisions. Nor do they bring in revenues. This means that, if compliance and business interests are at odds with one another, it's often an unfair fight.

Enforcement actions can create authoritative guidance for compliance officers by outlining what the officer should have done, to whom risks should have been escalated and documented, and what alternative courses of action the compliance officer should have taken if these initial escalation steps failed. By laying out these specific examples, regulators can help compliance officers at other banks take the right steps when they recognize risks.  

For example, suppose Bank A is penalized for processing very large wire transactions emanating from the Ukraine, and that these transactions are ultimately found to be money laundering. The compliance officer raised the risk of money laundering, but the bank's business personnel viewed the transactions as the long-awaited marketing success they had been soliciting. 

A helpful enforcement action might indicate that once the concern was understood by the compliance officer, he should have raised it with Bank A’s particular governance committees. Failing a satisfactory result, the officer should have gone directly to the board.  The action might also suggest that the decision to adopt a “marketing success” view of the transactions should have occurred at a different level—at a steering committee or executive board session—with better-documented discussions or more explicit provisions as to who would be held accountable for such decisions. 

The enforcement action could also state that to address the compliance concern, the institution should have sought outside advice from attorneys, consultants or even communicated with the relevant regulators. Alternatively, the compliance officer could have used experienced internal or external investigators in Europe to better understand the transactions at issue. 

With that enforcement action text in hand, a compliance officer at Bank B might have an easier time handling future problems, requesting investigation resources and obtaining them more quickly.  If Bank B experienced internal disagreement about speaking with regulators, the compliance officer might find his or her colleagues less apprehensive about raising a false or premature alarm. 

The enforcement action of Bank A could thus do more than motivate Bank B to avoid a penalty. It could choreograph the escalation and decision-making process so that Bank B can take advantage of its compliance officer’s insights and knowledge. Instead of simply documenting a potential compliance failure, the enforcement action text could empower the next compliance officer to preside over the successful resolution of a problem.

The way that regulators draft enforcement actions is critical. The other parties in an enforcement action are generally focused on ending it. Regulators, however, have the broader view. They have the ability to frame issues in a way that can help the financial services industry avoid future problems, resulting in a system with fewer violations.

Robert M. Axelrod is a director in Deloitte Transaction and Business Analytics LLP, an affiliate of Deloitte Financial Advisory Services LLP.  He specializes in projects addressing financial transactions in regulatory and compliance contexts, including anti-money laundering and anti-terrorist financing, as well as anti-corruption concerns in the financial services industry, specifically addressing banks, insurance companies, and broker dealers.