Attestation Update – A&A for CPAs

Technical stuff for CPAs providing attestation services

Commerzbank joins the billion-dollar-fine club

leave a comment »

The newest member of the elite club of banks that write billion dollar checks to settle up with the regulators is Commerzbank AG, the second largest bank in Germany.

After reading several reports on the billion and a half settlement, it seems to me that their corporate culture, at the core personality level, is to be not overly concerned about complying with US law.

The two primary issues are aiding and abetting the billion-dollar Olympus fraud and processing a quarter billion dollars of wire transfers for Iranian and Syrian customers banned from the US banking system.

Check out the following articles for more detail:

Be forewarned my editorial comments and a few doses of ridicule are sprinkled into the following discussion.

Olympus fraud

I have discussed the Olympus fiasco at length.

The settlement shows how much Olympus relied upon Commerzbank to carry out their scheme.

The DoJ press release says staff of Commerzbank in Singapore knowingly set up shell companies to help Olympus move money and the bank used some of its money in the set up.

Olympus took their banking business elsewhere in 2000 but returned in 2005. At that point at least two senior officials had concerns about the Olympus transactions. A “senior official” was worried about publicity if the transactions blew up. The Singapore senior legal and compliance officer was concerned about multiple aspects of the transactions and suggested that suspicious transaction reports ought to be filed.

Multiple wires, including one for $455M and one for $67M triggered AML alerts. The New York compliance officers asked the Frankfurt and Singapore branch for explanations and received assurances the transactions from the (shell) clients were okay.

The DoJ press release indicates there were $1.6B of fraudulent wires going through New York, for which there were no SARs filed until two years after the fraud blew up.

So I guess you could call that aiding and abetting. If I understand the settlement dance routine correctly, the stipulation of facts also means the bank concedes these are in fact criminal violations of their reporting requirements.

Money laundering

The deferred prosecution agreement indicates that Commerzbank moved $263M through the banking system between 2002 and 2008 on behalf of businesses and individuals in Iran and Sudan who were on the banned list.

In 2003, the bank set up a bunch of people in the back office to process Iranian payments to make sure that nothing showed up indicating any involvement by any banned parties.

Do you see anything wrong in this conversation? “Oh, Hilda, just got another half dozen wire requests from our buddies in Tehran. Can you take these over to the Launder for Iran office? Don’t wanna use email. Remember they just moved upstairs to suites 612 through 620 ‘cuz they needed more room. Danke.”

The bank designed a “safe payment solution” for an Iranian company using shell corporations. The wires were run through the shell to hide name, origin, and destination. Processing for this particular client continued even after the point that OFAC identified this client as being involved in helping develop weapons of mass destruction.

See anything wrong with the ending of this conversation from a bank VP to his client? “Oh, okay.  Now I get it. OFAC got the name wrong when they said your company was helping transport WMD components. Since it is actually an outfit across town and not you, it’s okay to keep your business with us. I’ll square things away with our compliance department.”

Lackadaisical compliance

The DoJ press release indicates that the New York compliance staff often had a hard time getting branches to cooperate in providing information to clear wire transfers that triggered alerts for possible money laundering.

At one point in 2010, the New York office was getting 90 alerts a day with a backlog of 808 alerts that had not yet been cleared.

The extreme time for resolving alerts was eight months.

Consequences

Commerzbank will pay a total of $1.45 billion in penalties under the settlement. Here is the breakout:

  • $610M – New York Department of Financial Services
  • $300M – U.S. Attorney’s Office – this will be restitution to victims of the Olympus fraud
  • $200M – FRB
  • $172M – Manhattan DA
  • $172M – US DoJ
  • $1,454M – total

OFAC levied a $258.6M file which is met by the $300M above.

I suppose I should revise my opening comment above. Commerzbank won’t be writing a check for a billion. They actually will send five separate wires, the largest of which will be far under a billion.

I think we can safely agree it’s okay to combine the separate wires into one total and thus award a membership card in the billion-dollar-fine club.

The Reuters article says the bank will fire five executives. No individual prosecutions as far as I can see.

Reuters also mentions the bank announced a month ago that it set up a $1.48B reserve for settlements. That would explain why the stock didn’t react to the actual settlement – there were sufficient reserves set up to cover the actual. The stock price would have reacted when the reserves were announced, not when the actual settlement matches the reserves.

How significant is the fine?

Finally, in terms of the magnitude of the fines I’m still scratching my head.

Here are a few numbers from their 2013 financials:

  • €469B – assets
  • €  17.7B – equity
  • €  14.5B – gross revenue, my sum of various income items
  • €    0.17B – net income

So a $1.45B fine, equal to €1.38B, is quite large in relation to 2013 top line and bottom line. It is slightly less than the  €1.57B provision for loan loss in 2012.

On the other hand, the WSJ article says the fine drops their capital ratio from 9.5% to 9.2%. In those terms, it isn’t too severe.

There is no indication their operations in the US will be affected, other than internal monitoring and probably having to hire some more compliance staff (who hopefully will have better luck getting answers to their email requests sent to the branches).

Update3/12 – DFS press release – NYDFS ANNOUNCES COMMERZBANK TO PAY $1.45 BILLION, TERMINATE EMPLOYEES, INSTALL INDEPENDENT MONITOR FOR BANKING LAW VIOLATIONS – Press release says there were 60,000 wires on behalf of Iranian and Sudanese entities.

One person was prosecuted as part of the Olympus fiasco.  Some people have already left the bank.

DFS takes credit for five additional terminations. One of those already resigned. DFS required Commerzbank to separate the remaining four people identified as key players in the mess.

There may not be any individual prosecutions as a part of this investigation. However, one of my readers pointed out that Benjamin Lawsky and his team are going after individuals.  I trust the banking world, especially the compliance community, know and will long remember the names of the five.

Update 2:  If you are an auditor in a small or medium size firm ponder this: How do you incorporate into your risk assessment, particularly tone at the top, an organization that sets up a department, a department, to intentionally violate laws of another country? Think SAS 122 at AU-C 250. Think fraud risk. Think risk assessment suite.

For auditors of humongous banks: How do you incorporate the behavior we see at Commerzbank into your evaluation of COSO at your client? How do you assess risk that a hundred staff people somewhere will mess up and generate a billion dollar fine when your client has a culture that has produced that phenomenon several times?

For all auditors: How would you work through the thought process for the continuance decision on a bank client that willfully flouts money laundering rules, or manipulates Libor, or manipulates Forex rates, or manipulates gold settlement prices, or does all of the above?

Update 3: I thought I was so clever with that billion-dollar-fine club comment. Then did a check on the ‘net and found that phrase has been in use for several years. Oh well. At least it isn’t copyrightable.

Written by Jim Ulvog

March 13, 2015, 10:28 am at 10:28 am

Posted in Other stuff

Tagged with , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: