On January 15, 2021, the Financial Crimes Enforcement Network (“FinCEN”) announced that Capital One, National Association (“CONA”) had been fined $390,000,000 for “willful” and “negligent” violations of the Bank Secrecy Act (“BSA”) and its anti-money laundering implementing regulations. CONA is a wholly owned subsidiary of Capital One Financial Corporation (“COFC”).  As part of the agreement, CONA will pay $290,000,000 to the U.S. Department of Treasury (it previously paid $100,000,000 to The Office of the Comptroller of the Currency (“OCC”) in 2018 for similar violations).

The fine, which was one of the larger fines in FinCEN’s history, was imposed even though CONA had taken substantial remedial measures including enhancing its anti-money laundering (“AML”) budget, voluntarily commencing an extensive lookback into years of potentially suspicious transactions, and voluntarily exiting the cash checking business, which was the source of its violations.

From 2008 to 2014, CONA owned and operated the Cash Checking Group (“CCG”) which was a check cashing service for small businesses in the New York- and New Jersey-area.  According to FinCEN, during this time, CONA and CCG’s BSA violations were “significant” and “willful.”

Prior to CONA’s purchase of two regional banks that were subsequently merged and became CCG, CONA was warned by state and federal banking regulators of AML deficiencies at both institutions. The OCC also notified CONA of certain AML risks posed by CCG.  AML program enhancements were subsequently implemented at both CONA and CCG, but they failed to properly address the extent of the issues. According to FinCEN, the programs were “plagued by a number of technical failures,” “gave too much credence to dubious explanations” provided by customers, and had other inconsistencies that prevented their effectiveness. CONA was apparently aware of these deficiencies for years, but failed to remedy the problems.

FinCEN noted several AML measures in particular that were consistently violated or ignored. First, the bank failed to file certain required suspicious activity reports (“SARs”), which are mandated for banks for suspicious transactions of at least $5,000. In certain cases, CCG had direct knowledge of customers’ indictments and guilty pleas (including Domenick Pucillo of the Genovese Organized Crime Family), and still failed to file the required SARs. The bank also failed to file certain currency transaction reports (“CTRs”), which require a report for each transaction of more than $10,000. This failure led to approximately 50,000 reportable cash transactions totaling over $16 billion going unreported to FinCEN.

FinCEN’s actions highlight the importance of financial institutions BSA-compliance obligations and the need to effectively implement all aspects of an institution’s compliance program.  In particular, the settlement repeatedly emphasized properly staffing an institution’s AML compliance function and timely filing SARs and CTRs. In announcing the settlement, FinCEN noted that it “strongly encourages financial institutions and other businesses and individuals subject to the BSA to self-disclose any violations of FinCEN’s regulations and cooperate with its enforcement investigations.”  The agency has not historically had a formal voluntary self-disclosure regime, such as those maintained by the Office of Foreign Assets Control or the Bureau of Industry and Security, but has recently issued a number of statements encouraging such disclosures.  For example, in FinCEN’s recent Statement on the Enforcement of the Bank Secrecy Act, it lists “timely and voluntary disclosure of the violations to FinCEN” as one of the factors it considers when “evaluating an appropriate disposition” of an actual or possible BSA violation.