It was not very long ago that the compliance officer was considered a back-office watchdog whose job was to tick boxes and make other employees’ lives difficult through copious amounts of form filling and auditing. Such perceptions have changed drastically in the last few years, with the position taking on an increasingly significant role. And the importance of the compliance officer has come under the spotlight even further as a result of a recent action by the United States Treasury Department.
Former MoneyGram International compliance chief Thomas Haider was sued for failing to ensure the cash-transfer firm had an effective anti-money-laundering programme, in what may be a previously-unseen lawsuit by regulators. Not only does this highlight the esteem in which compliance officers are now viewed, but it is also a timely reminder that those in such roles are expected to possess the highest levels of competence, expertise and integrity.
In December 2014, a 57-page complaint was filed by a United States attorney in Manhattan on behalf of the United States Financial Crimes Enforcement Network (FinCEN). In its complaint, FinCEN sought a US$1 million penalty against Haider, as well as to bar him from working in the United States financial industry for an undetermined length of time. The basis of this claim was his alleged reckless or wilful failure to ensure that his company abided by federal anti-money-laundering laws. FinCEN said Haider was personally liable for the money-transfer company’s failures to do what was required under the Bank Secrecy Act (the United States anti-money-laundering law designed to keep criminal activity out of the United States financial system during the mid-to-late 2000s).
The complaint also alleged that, under Haider’s control, suspicious activity report analysts at MoneyGram did not have access to sufficient information to conduct adequate fraud analysis. Allegedly under Haider’s watch, MoneyGram maintained each relevant department in a separate ‘silo’, and Haider failed to ensure that MoneyGram conducted proper risk-based audits of prospective and existing agents and outlets. This was despite there being apparent high-risk red flags. MoneyGram reportedly lacked a coherent diligence process and ignored warning signs when it came to authorising new agents or expanding into new outlets, all reportedly results of Haider’s inaction.
The case brought by FinCEN against Haider is highly unusual, with some commentators describing it as unprecedented. Many consider this case to signal a new approach by regulators and enforcement authorities to hold an individual responsible for the failings of a compliance programme. So essentially there appears to be a delineation between personal and institutional failures. The position of FinCEN was to make a clear example of Haider, with his actions (or lack thereof) being a slur on the reputation of all those in the compliance space. FinCEN director Jennifer Shasky Calvery said that ‘Haider’s failures are an affront to his peers and to his profession’, and that as a direct result of his wilful violations a culture of fraud was able to thrive within MoneyGram.
Needless to say the action against Haider has created, and will continue to create, discomfort among compliance professionals.
The details of the complaint itself signal many perceived shortfalls in Haider’s conduct, and should serve as a reminder to all to use best-practice initiatives when it comes to compliance programme management. Compliance officers more than ever need direct access and integration with company leadership. This will allow complete visibility and oversight of actions taken and avoid any isolation of compliance initiatives from those of the business. It is imperative that an organisational structure exists that allows the compliance officer a direct route to speak with senior management when things go wrong.
Regardless of the outcome of the case against Haider, there will be the expectation that the regulatory authorities must provide clear, definitive guidance on what constitutes wilful illegal acts. But it is evident that compliance officers themselves can under no circumstances rest on their laurels, and must commence taking extra measures to minimise personal liability. Undoubtedly, extra focus will need to be placed on the documentation of incidents, decision-making processes and remediation steps for compliance-related issues. Accurate recordkeeping is paramount to assist with explaining to regulators exactly how a particular situation was handled. Whether a specific action was right or wrong may remain unclear, but a compliance officer must be able to contextualise an incident and the decisions made as a result.
The MoneyGram case is a firm reminder of how important the selection of a compliance officer is in terms of their personal qualities, leadership skills and moral fibre. If there was any doubt about the profile of the compliance officer, the commencement of this claim alone is enough to confirm that we are now in an era in which anyone in charge of a compliance programme must possess expertise when it comes to implementing controls, monitoring their effectiveness, and facilitating continual improvement to compliance measures. The days of the ‘night watchman’ who ticks regulatory boxes are over; compliance officers must be proactive leaders who not only instil a culture of compliance, but astutely seek out potential risks and quickly remediate them to serve the needs of the business. Otherwise, the claim against Haider will not be the last of its type.