Skip to content

U.S. continues aggressive sanctions and anti-money laundering enforcement against non-U.S. banks

Related people
Fishman Todd
Todd Fishman


New York

View profile →

David Esseks


New York

View profile →

Photo of Kenneth Rivlin
Kenneth Rivlin


New York

View profile →

Rezendes Maura
Maura Rezendes


Washington, D.C.

View profile →

18 July 2019

When assessing anti-money laundering risk and exposure, global financial institutions should be mindful of the complex landscape and assertions of broad authority by U.S. authorities and banking regulators. A multinational financial institution with a U.S. branch may find its worldwide activities scrutinized by U.S. banking regulators even if its branch does not service those activities, and what’s more, even without a U.S. branch, a bank may still have civil or criminal U.S. exposure for payments cleared in the United States.

Federal and state banking regulators such as the Federal Reserve Board (FRB), the New York State Department of Financial Services (NYDFS) and the Office of the Comptroller of the Currency (OCC) of the U.S. Department of Treasury, have authority over licensed financial institutions operating in the United States to assess fines and civil penalties for anti-money laundering failures and sanctions violations and to examine compliance breakdowns. Below we observe increased willingness by U.S. banking regulators to assert authority over overseas conduct at multinational financial institutions even where the conduct at issue does not center around the bank’s U.S. branch or banking activities in the United States. While this broad authority may yet be contested, global banks should be aware that anti-money laundering risk management policies and processes for various lines of business that have any nexus to their U.S. branch, however minimal, may be subject to U.S. regulatory scrutiny. 

In addition, even global banks with no U.S. banking license may still be exposed to enforcement actions by U.S. civil and criminal authorities for conduct beyond U.S. borders where there is a sufficient U.S. nexus such as U.S.-cleared payments, highlighted by recent public investigations. The Office of Foreign Assets Control of the U.S. Department of the Treasury (OFAC) has authority to assess civil penalties for any and all sanctions violations – knowing or not – if there is a sufficient U.S. nexus that may be as minimal as dollar payments cleared through the United States. Likewise, federal and state criminal authorities (such as the Department of Justice (DOJ), or the New York County District Attorney’s Office (DANY)) have broad authority to police willful money laundering and sanctions violations where there is a sufficient U.S. nexus such as U.S.-cleared payments.

A look back at prior resolutions with U.S banking regulators

U.S. banking regulators, in conjunction with U.S. criminal and civil authorities, have traditionally pursued anti-money laundering and sanctions enforcement cases against multinational banks in relation to conduct that occurred in or through a bank’s U.S. entity or branch (frequently in New York). Examples of this include the large sanctions (and anti-money laundering)-related settlements with HSBC, BNP Paribas, Commerzbank, Société Générale and others. In those instances, the financial institution had a banking branch or agency in the U.S. and provided a range of banking services in the U.S., such as payment processing, on behalf of overseas affiliates. Under these arrangements, transactions relating to customers of non-U.S. branches or affiliates were routed through the U.S. branch or entity for dollar clearing purposes. Because a U.S. branch or entity is obliged to comply with the Bank Secrecy Act’s programmatic anti-money laundering requirements, these branch activities provided a touchpoint for the U.S. banking regulators to exercise jurisdiction alongside criminal and civil authorities.

In other words, even though the conduct at issue involved activities in a non-U.S. branch in connection with non-U.S. customers and entities, penalties were imposed by U.S. banking regulators for breaches by the U.S. branch processing the payments. Other recent examples include the settlement by Deutsche Bank with DFS, the FRB and the U.K.’s Financial Conduct Authority for violations of anti-money laundering laws in relation to Russian ’mirror trades’ and settlements against a number of non-U.S. banks relating to FX trading by traders worldwide. These banks entered into settlements with U.S. banking regulators in relation to predominantly non-U.S. conduct where the dollar legs of the transactions at issue were cleared through the bank’s U.S.-licensed entity. Most recently, in April 2019, Standard Chartered Bank entered into a joint resolution with U.S. and UK authorities in relation to sanctions violations where a majority of the USD payments flowed through the bank’s New York branch. 

The Unicredit resolution: a case study for a multinational financial institution with a U.S.-licensed branch that did not clear U.S. dollars 

U.S. banking regulators took one step further in the recent UniCredit settlement. Announced less than a week after the Standard Chartered Bank settlement, three non-U.S. UniCredit entities entered into joint resolutions with the DOJ, DANY and OFAC, as well as two U.S. banking regulators, NYDFS and FRB, for total penalties of USD1.3 billion relating to conduct and transactions that did not center around UniCredit’s U.S. branches.

Of the three entities, the parent, UniCredit S.p.A., and the German subsidiary, UniCredit Bank AG, had licensed New York branches subject to NYDFS and FRB oversight, while the Austrian subsidiary, UniCredit Bank Austria AG, had no U.S. affiliation. The resolution papers detailed that certain UniCredit employees outside of the United States utilized cover payments, stripping (changing or removing identifying information from payments or instructions), front companies and book-to-book transfers to facilitate transactions by sanctioned entities – similar to conduct that has served as a basis for enforcement actions against other financial institutions in the past. But unlike the other multinational banks mentioned previously such as Standard Chartered, UniCredit relied primarily on third-party correspondent banking to provide USD clearing services to its customers, not its New York branches. NYDFS stressed that the various UniCredit entities had transmitted USD payments on behalf of sanctioned entities “in a non-transparent manner” through at least one DFS-regulated bank in New York (ie, UniCredit’s correspondent bank). Only three nominal New York ‘touchpoints’ with UniCredit’s own New York branches were asserted by NYDFS:

  • One relevant document saved in an electronic file at UniCredit Bank AG’s New York branch;
  • 51 payments processed through UniCredit Bank AG’s New York branch, under letters of credit that UniCredit Bank AG had issued for oil exports on behalf of a large European energy company (and its subsidiaries), where the oil was then re-exported to Iran without an OFAC license;
  • UniCredit S.p.A.’s New York branch was used to process “impermissible” USD payments on behalf of S.p.A. and UniCredit Bank AG “made pursuant to letters of credit issued by its Home Office”.

NYDFS did not find a connection between the conduct at UniCredit BA and either of the New York branches. Nevertheless, the NYDFS and FRB asserted jurisdiction over the unrelated core conduct at issue (eg, cover payments, stripping, etc.) and found that all three UniCredit entities had conducted business in an unsafe and unsound manner in violation of the New York banking laws.  

US continues aggressive

A reminder that multinational banks may face civil and criminal U.S. exposure regardless of whether they have a U.S. banking license

A number of recent resolutions and ongoing public investigations also serve as an important reminder for multinational banks without a U.S. branch that they are not immune to U.S. civil and criminal exposure. While they are not subject to the oversight of U.S. banking regulators, civil and criminal federal authorities may enter the picture where USD transactions are cleared through the U.S. or there is some other U.S. nexus. For example, in 2014 OFAC imposed a USD9.5 million civil fine on the Bank of Moscow, a bank with no operations, branches or subsidiaries in the United States, for processing payments to, from, or on behalf of sanctioned parties through U.S. correspondent bank accounts. No willful conduct was alleged; rather, OFAC stated that the bank failed to “exercise an appropriate degree of caution or care”. In the past four years, numerous Swiss banks without any U.S. banking operations have reached resolutions with the DOJ’s Tax Division in relation to their U.S. customers abroad. More recently, as set out in the press, a Danish bank is currently subject to investigation by a number of U.S. authorities, including the DOJ and the U.S. Treasury Department, in relation to conduct and transactions originating at its Estonian branch. The basis upon which U.S. authorities are asserting jurisdiction over this matter may be in relation to the USD flows which were cleared through the Danish bank’s U.S. correspondent banks. (Per public reports, there may also be involvement by the U.S. Securities and Exchange Commission. Non-U.S. companies that issue debt or ADRs in U.S. markets may face exposure to regulatory enforcement action under U.S. securities laws in connection with inaccurate disclosures regarding underlying conduct and ongoing investigations.) 

A renewed note of caution

Recent AML and sanctions settlements and public investigations highlight the expansive exposure that non-U.S. financial institutions may face for dollar transactions cleared through the United States, a risk that is heightened by the existence of a New York branch. 

With the UniCredit resolution, U.S. financial regulators are in uncharted waters, asserting broad authority to assess fines and civil penalties if a non-U.S. bank or any of its affiliates is licensed or regulated by the FRB or the NYDFS – regardless of the strength of the connection between the conduct and the U.S. branch. Multinational banks licensed in the U.S. (and especially New York), should be vigilant about the various lines of business that touch their U.S. branch. Like UniCredit, they may find worldwide activities scrutinized by U.S. banking regulators even where the U.S. branch does not service those activities. 

Moreover, while banks without a U.S. branch are not exposed to U.S. financial regulators, they are not immune to U.S. criminal or civil inquiries for conduct abroad where there are U.S. touchpoints, such as payments cleared through the U.S.

Download the latest Legal and Regulatory Risk Note (PDF)

This article was co-authored by Rachel Agress, a former Associate at Allen & Overy. 


Recommended content