DOJ Official Spells Out Effective Compliance For Institutions to Thwart AML, Other Crimes

Stay current on changes and developments in corporate law with a wide variety of resources and tools.

By Yin Wilczek

March 16 — Following the prosecution of Commerzbank AG for anti-money laundering (AML) and other violations, a top Department of Justice official March 16 warned that financial institutions must have effective compliance programs.

Leslie Caldwell, attorney general for the DOJ's Criminal Division, stressed during an AML conference in Florida that for effective AML and sanctions compliance, firms must know their customers.

“An institution must ensure that its anti-money laundering, sanctions and other compliance policies and practices are tailored to identify and mitigate the risks posed by its portfolio of customers, and that those customers are providing complete and accurate information,” Caldwell said.

In addition, banks that operate in the U.S.—whether they are based in the U.S. or U.S. branches of a foreign institution—must comply with U.S. law, which requires sharing information with other branches and offices on potentially suspicious activity, Caldwell said.

“In our view, to effectuate these practices, financial institutions with a U.S. presence should give U.S. senior management a material role in implementing and maintaining a bank’s overall compliance framework,” she said.

In the same address, Caldwell also discussed nonprosecution and deferred prosecution agreements.

Commerzbank Case 

Earlier in March, Commerzbank agreed to pay $1.45 billion to settle multiple U.S. investigations over sanctions violations claims and its role in one of Japan's biggest accounting scandals.

The deal included a consent order in which New York's Department of Financial Services ordered Commerzbank to hire an independent monitor and terminate four employees. The head of compliance in the New York branch resigned as a result of the DFS probe.

The case continues an emerging trend in which compliance personnel have been targeted for AML deficiencies, as happened in the prosecution against BNP Paribas SA.

In her speech, Caldwell added that all financial institutions must be “candid with regulators” and be forthcoming when providing information.

“Overall, we expect financial institutions to take compliance risk as seriously as they take other business-related risks,” she said. “Although compliance may not be a profit center, investment in compliance will pay off—and it’s the right thing to do.”

Caldwell pointed to the Commerzbank action as an example for why global institutions must have effective compliance programs.


In other comments, Caldwell said that cybersecurity is something financial institutions cannot afford to overlook.

“If your companies have not already done so, you need to make state of the art cybersecurity a top priority, and compliance with cybersecurity policy, a major priority,” she said. “Cybersecurity compliance is critical, because even a single human error, such as one person opening the wrong email and thereby allowing access to a company’s computer systems, can have devastating consequences.”

More generally, Caldwell warned that good compliance programs are corporations' “first line of defense” against financial crime as well as an important factor when prosecutors determine whether to bring charges. She outlined the hallmarks of a good compliance program, echoing points that she made in a prior speech in October 2014.

Caldwell said that essentially, a compliance program should:

• involve top level commitment from directors and senior managers;

• ensure compliance officials have “stature” within the company as well as adequate funding and resources;

• be clear and in writing, and easily understood by employees;

• be effectively communicated to employees;

• include periodic reviews; and

• have enforcement mechanisms.


Caldwell also noted that the DOJ, when evaluating a firm's compliance policies during an investigation, will not look only at how the policy reads on paper. The department also will assess “the messages conveyed to employees, including through in-person meetings, emails, telephone calls and compensation,” she warned.

To contact the reporter on this story: Yin Wilczek in Washington at

To contact the editor responsible for this story: Ryan Tuck at

The text of Caldwell's speech is available at

The NYDFS announcement is available at


Request Corporate on Bloomberg Law