In February 2014, the Financial Industry Regulation Authority,the self-regulatory body for the U.S. securities industry,suspended a former global anti-money laundering compliance officerat Brown Brothers Harriman & Co. and assessed a record $8million fine against the firm for its inadequate Bank SecrecyAct/anti-money laundering program and lack of oversight related tosuspicious penny stock transactions. The former compliance officerpersonally paid $25,000 under the settlement he and Brown BrothersHarriman entered with FINRA.

And in December 2014, the U.S. Attorney's Office for theSouthern District of New York filed a civil enforcement actionagainst a former chief compliance officer for MoneyGram to enforcea $1 million penalty assessed by the U.S. Treasury Department'sFinancial Crimes Enforcement Network. FinCEN based its assessmenton the officer's alleged role in compliance violations related tothe use of MoneyGram's services by perpetrators of fraudulenttelemarketing and other schemes.

The former officer's attorneys stated, “FinCEN's action todaymarks the first time, to our knowledge, that the government hasfiled suit to hold an individual compliance officer personallyresponsible for alleged anti-money laundering compliance failuresof his employer.”

The laws subjecting compliance officers to individual liabilityare not new. Under the BSA, willful violations of the statute orits implementing regulations by an institution and any of itspartners, directors, officers or employees are punishable by acivil penalty of $25,000 (or the amount of the transaction atissue, up to $100,000) per day for each day the violation continuesand at each office or location where it occurs or continues. Thesepenalties have long been available against individuals as well asthe institutions for which they work. However, until the last year,regulators had rarely sought such penalties against individualofficers.

So what is different today? Given the changes in the enhancedregulatory landscape, it is no surprise that more cases againstindividual compliance officers are now being brought. Addressingthe Senate Committee on Banking, Housing, and Urban Affairs inMarch 2013, Treasury Undersecretary David Cohen pledged that FinCENwould make greater use of its ability to impose penalties onindividuals, noting that although “FinCEN has employed these toolsonly occasionally in the past, in the future FinCEN will look formore opportunities to impose these types of remedies in appropriatecases.”

The selection of high-profile former federal prosecutors to headfinancial regulatory agencies underscores the increased emphasisplaced on robust enforcement. For example, the current chair of theSecurities and Exchange Commission served as the U.S. Attorney forthe Southern District of New York, and FinCEN's director was chiefof the Asset Forfeiture and Money Laundering Section at the U.S.Department of Justice. Whereas regulators may naturally tend tofocus on institutions, former prosecutors are at ease with theconcept of individual liability for institutional failings.

In this charged atmosphere, how does an individual complianceofficer protect him or herself? Because compliance officers aregenerally at the mercy of strategic decisions and budgetaryconstraints imposed by high-level executives and boards ofdirectors, they are much less likely to be left holding the bag ifthey can involve those at the top in the decision-making process.Compliance officers do their job, and thus insulate themselves fromliability, by making sure the C-suite is well-aware andoft-reminded of what the rules require, as well as the risks andconsequences of not adequately addressing an AML concern. FinCENmade the former MoneyGram compliance officer's inaction when heknew of illicit activity at the center of its allegations. Whencompliance officers lack authority to make the necessary decisions,their job is to educate those who have that authority, including onthe elements of an effective compliance program.

And this is exactly what regulators are looking for. Regulatorsare convinced that a true culture of compliance can only beachieved with buy-in from the top. Whether it involves improvinginternal controls, allocating additional funds or hiring morecompliance staff, serious deficiencies are rarely addressed withouthigh-level involvement. Similarly, getting the business to manageits risk appetite — regardless of whether that risk relates to aproduct, a customer or a service — can rarely be accomplishedwithout senior management weighing in, imposing discipline andmaking decisions in the best interests of the entire organization.Such a process should be memorialized in written compliance plans,board resolutions and compliance committees made up of employeesfrom various disciplines.

Lest one wonder if this is really the message being sent byregulators and prosecutors, witness the remarks of Thomas Curry,the Comptroller of the Currency, before the Association ofCertified Anti-Money Laundering Specialists in March 2014: “There'sa reason why I've addressed our concerns to senior executives,including the chief executive officers, of the banks and thrifts wesupervise. The fact is, when we look at the issues underlying BSAinfractions, they can almost always be traced back to decisions andactions of the institution's board and senior management.”

Those underlying issues, he explained, involve theorganization's culture of compliance, the strength of itsinformation technology and monitoring process, the resources theorganization has allocated to BSA compliance and the quality of theorganization's risk management.

“Those are all matters that require the attention of seniormanagement, starting with the chief executive's office,” hesaid.

In short, although the heightened enforcement atmosphere meansincreased scrutiny, BSA/AML compliance officers have an opportunityand incentive to redouble the involvement of senior management inevery aspect of the institution's compliance regime.