
Top compliance failures in 2022

Large banks that serve the military have anti-money laundering (AML) compliance issues, financial industry titans have been held accountable for years of noncompliant off-channel conversations, and a manufacturing company did business with terrorists. The yearly list of ethics and compliance breaches for 2022 published by Compliance Week contains several examples of poor decision-making, risk management, and leadership.


Numerous AML and Bank Secrecy Act (BSA) compliance concerns have been ignored by USAA Federal Savings Bank for years. Former workers claimed that it would not be long before the bank's customers start to feel the effects of its compliance shortcomings.

At the end of 2021, USAA had more than $211 billion in total assets, far surpassing its beginnings as a small bank. More than 13 million military personnel and their families are served by USAA Federal Savings Bank, a subsidiary of the company's insurance division that was established in 1983.

According to a former director of compliance at USAA Bank who reported the issue to authorities in March 2020 and spoke with Compliance Week reporter Jaclyn Jaeger as part of an exclusive series published in May, the bank's compliance culture has been "catastrophically mismanaged" despite having a strong balance sheet. The series covered the bank's alleged misrepresentation of American authorities as well as the bank's rotating chief compliance officers.

The Financial Crimes Enforcement Network (FinCEN) and Office of the Comptroller of the Currency (OCC) imposed a $140 million fine on USAA Bank in March for its "wilful" failure to establish and maintain a BSA/AML compliance program. The OCC had earlier fined it $85 million in 2020 for many of the same issues. The bank's "significantly understaffed" compliance program was mentioned by FinCEN and acknowledged by USAA as a primary cause for its persistent violations of federal banking regulations since at least 2016.

The regulators' findings of problems, according to the USAA whistleblower who talked with Compliance Week, "are just the tip of the iceberg."


As the cryptocurrency trading platform Bittrex discovered in October, virtual currency must adhere to the same BSA/AML regulations as fiat money.

It was discovered that Bittrex had transacted with individuals and organizations in countries and regions subject to U.S. sanctions, such as Cuba, Iran, Sudan, Syria, and the Crimea region of Ukraine, in excess of 116,000 times for a total value of $263 million. The platform was assessed a $29 million penalty for these offenses by FinCEN and the Office of Foreign Assets Control (OFAC).

Bittrex did not have a BSA/AML compliance program throughout its first year of operation. It engaged a vendor in February 2016 to start checking its trades for potential sanctions violations. However, the vendor ignored clients residing in sanctioned areas and only highlighted transactions performed by individuals and organizations on OFAC's List of Specially Designated Nationals and Blocked Persons (SDN List).

Despite executing 22 transactions of virtual assets worth $1 million or more each involving sanctioned jurisdictions from February 2014 to May 2017, Bittrex did not file a single suspicious activity report with FinCEN during that time.

The case represented the first time FinCEN and OFAC had worked together in the area of virtual currencies. Any fintech firm, whether it offers services in virtual or fiat cash, can benefit from the action's underlying message, which is as follows: A BSA/AML program must be in place prior to the introduction of a service, not years later.

To handle the proceeds of their unlawful activities, criminals and individuals in sanctioned areas will choose services with inadequate compliance standards. Regulators will eventually inquire as to the effectiveness of your company's BSA/AML compliance procedures.


One of the biggest cryptocurrency exchanges in the world as of Nov. 6 was FTX, with a market cap of over $16 billion. Professional players Tom Brady and Steph Curry were among the firm's influential patrons, and it aired pricey but well-received Super Bowl commercials. The company also bought the naming rights to the Miami Heat's arena. The goal of all the marketing was to persuade the public that cryptocurrencies were a secure investment.

Investors and clients of FTX, however, became alarmed after hearing that the company's assets were linked to those of Alameda Research, another business owned by FTX owner Sam Bankman-Fried. At once, thousands of people tried to withdraw money from their FTX accounts. After six days, FTX filed a bankruptcy petition on November 11. The CEO, Bankman-Fried, resigned.

Although it is unclear whether regulation of the cryptocurrency market could have prevented the collapse, it might have given investors knowledge of FTX's fundamental flaws.

John Ray, who managed Enron's bankruptcy, was hired by the corporation to take Bankman-Fried's place and sort through the rubble. What he discovered was shocking: a "complete failure of corporate controls," under which FTX apparently lent Alameda $10 billion in client funds to cover the latter's losses.

The prior financial statements of Bankman-Fried could not be believed. According to a Reuters article dated November 13, at least $1 billion in funds, and possibly more, at first looked to be missing or stolen; which of the two was not obvious.

Ray wrote in his filing with the bankruptcy court: "From compromised systems integrity and faulty regulatory oversight abroad to the concentration of control in the hands of a very small group of inexperienced, unsophisticated, and potentially compromised individuals, this situation is unprecedented."


Although it should go without saying, paying bribes in order to obtain contracts or outwit competitors is against the law and unethical.

In what appears to be the price of doing business in civil war-torn Syria, the French multinational construction supplies giant Lafarge initiated a scheme to pay more than $7 million in bribes to two terrorist organizations and middlemen. Later, the business increased its bet and signed a revenue-sharing deal with the Islamic State of Iraq and al-Sham (ISIS).

ISIS received compensation in the form of payments based on the quantity of goods Lafarge and its Syrian subsidiary were able to sell in exchange for helping to raise prices for rivals. Through the agreement, Lafarge's Syrian operation saw sales of almost $70 million in 2013–14.

The Department of Justice (DOJ) imposed a $778 million fine on Lafarge in October after the company entered a guilty plea to its offenses. The business also faces legal action in French courts for the same wrongdoing, including accusations of complicity in crimes against humanity.

The misbehavior was made worse by Lafarge's efforts to hide the fraud. The company's workers asked the terrorist organizations not to use the company's name in written agreements, prepared fictitious invoices to conceal the true purpose of the payments, and mostly dealt with the terrorist organizations via personal emails.

According to the DOJ, neither Lafarge nor the Swiss firm that acquired it, Holcim, properly cooperated with the ensuing investigation into the wrongdoing when the plan was discovered.

Off-channel communications for large banks

Over the course of several years, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) levied fines totaling more than $2 billion against a dozen banks and investment firms for failing to enforce policies prohibiting employees from using personal devices for work-related purposes. Employees used personal emails, WhatsApp, WeChat, and other electronic communications to discuss transactions with customers, rivals, and other coworkers, which was considered misconduct.

Additionally, senior managers who were supposed to be implementing the restriction engaged in off-channel communications.

In September, the regulators imposed fines totaling more than $1.8 billion on 11 banks, investment firms, and their subsidiaries for their "widespread and longstanding failures" to monitor, maintain, and preserve employee electronic communications. Bank of America agreed to pay $225 million, while $200 million fines were levied against Barclays, Citigroup, Deutsche Bank, Credit Suisse, Goldman Sachs, Morgan Stanley, and UBS. Each company acknowledged its wrongdoing.

The enforcement campaign started when the SEC and CFTC fined JPMorgan Chase $200 million in December 2021 for identical compliance violations. The SEC is evidently still looking into investment firms Apollo Global, Carlyle Group, and KKR in relation to employee off-channel communications, so it appears that the investigation is not yet finished.

Regulators do not like it when people choose to disregard a problem because everyone else is doing it.


