The AMLA Creates a Significant New Source of Risk for Financial Institutions
Second Blog Post in an Extended Series on Legislative Changes to the BSA/AML Regulatory Regime
As we have blogged, the Anti-Money Laundering Act of 2020 (the “Act”) (part of the National Defense Authorization Act (“NDAA”), passed on January 2, 2021), represents a historic overhaul of the Bank Secrecy Act (“BSA”). One of the most important changes – and certainly one that has attracted great attention by the media and commentators – is Section 6314 of the NDAA, entitled “Updating whistleblower incentives and protections.” The Act’s expanded whistleblower provision is modeled after the Dodd-Frank Act’s whistleblower provisions, and seeks to follow in Dodd-Frank’s footsteps. But, there are some key differences between the Act and Dodd-Frank. The Act also creates a more limited whistleblower program specifically pertaining to foreign corruption.
Aside from expanding the potential monetary rewards, the most significant aspect of the Act is that it explicitly invites internal compliance officers of financial institutions to use the information obtained through their compliance functions in order to pursue a whistleblower reward. This provision highlights the tension between individuals and institutions, and increases the pressure on financial institutions to comply with the law, take whistleblowers seriously, and be ready to deal with employees who purport to be whistleblowers but may be pursuing their own agenda. It also is a prudent time for financial institutions to review their internal complaint procedures and assess whether any changes are warranted given this new development.
Section 6314 amends 31 U.S.C. § 5323 of the BSA to “[update] whistleblower incentives and protection.” And that it surely does. The new law sweetens the deal for prospective whistleblowers in several ways. If the government recovers more than $1 million in an enforcement action, any qualifying whistleblower will receive a mandatory reward of up to 30% of the collected amount. This amendment represents a significant expansion of Section 5323, which previously provided a reward capped at only $150,000, or 25% of the net amount of the award. Further, any award was entirely discretionary under the prior version of Section 5323. The likelihood of an award reaching the $1 million threshold also has increased now because, in another section, the Act doubles the maximum statutory penalties for repeat violators of the BSA. With penalties relating to anti-money laundering (“AML”) and money laundering enforcement actions sometimes now reaching into the hundreds of millions and even, in some cases, billions of dollars, would-be whistleblowers may find these new incentives very enticing.
However, there are limitations. Unlike Dodd-Frank – and the IRS whistleblower program – there is no floor on the percentage (e.g., 10% for the SEC or 15% for the IRS) of the award once given. Further, the definition of “monetary sanctions” – relevant to determining both the $1 million threshold and the percentage of the award – does not include forfeiture. Given the fact that the penalties for many major money laundering and AML enforcement actions often focus on forfeiture, this will be an important exemption.
Similar to Dodd-Frank, the Act sets forth some general criteria for the Secretary of the Treasury to consider when determining the amount of the reward:
- the significance of the information provided by the whistleblower to the success of the covered judicial or administrative action;
- the degree of assistance provided by the whistleblower and any legal representative of the whistleblower in a covered judicial or administrative action;
- the programmatic interest of the Department of the Treasury in deterring violations of this subchapter and subchapter III by making awards to whistleblowers who provide information that lead to the successful enforcement of either such subchapter; and
- such additional relevant factors as the Secretary, in consultation with the Attorney General, may establish by rule or regulation.
The Act provides a disappointed whistleblower with limited recourse. Although the Act provides that the Secretary of the Treasury has discretion to determine “whether, to whom, or in what amount to make awards,” a whistleblower may appeal the Secretary’s decision within 30 days to the “appropriate court of appeals of the United States” under the Administrative Procedure Act (“APA”), which generally limits challenges to government actions under an “arbitrary and capricious” standard. Moreover, the Act’s grant of the ability to pursue an APA challenge does not include the ability to challenge the amount of an award, which is truly discretionary. Accordingly, even a whistleblower claim leading to a massive government enforcement action could result, at least in theory, in a minimal pay-out that the whistleblower could not challenge.
“Whistleblowers” Include Internal Compliance Personnel Going Directly to their Employers
The Act defines “whistleblower” to mean “any individual who provides, or 2 or more individuals acting jointly who provide, information relating to a violation of this subchapter or subchapter III to the employer of the individual or individuals, including as part of the job duties of the individual or individuals, or to the Secretary of the Attorney General.” This definition is very important.
First, and unlike under Dodd-Frank, a qualifying whistleblower does not have to report initially to the government. He or she can blow the whistle directly to their employer. Second, the definition explicitly contemplates that BSA/AML compliance personnel can be whistleblowers, and accordingly use the sensitive AML information that they receive through their job as a sword.
This definition goes to the heart of an issue on which we have blogged: the potential tension between individual compliance officers and their financial institution employers, particularly as government enforcement actions have focused more on compliance professionals – the very people tasked with ensuring BSA/AML compliance. This tension can create potential “Catch 22” scenarios, given an institution’s need to identify potential red flags. On the one hand, acquiring actual knowledge of compliance failures, followed by inaction by the individual or the institution itself, can lead to individual (and corporate) liability. On the other hand, willful ignorance or avoidance of compliance failures also can lead to liability. How much diligence in any given situation is enough? Once a potential problem is identified, how much attention – and at what level – must be paid to it? Skittish compliance officers may become overly defensive in their reporting of potential issues, or even may turn into whistleblowers – particularly now under the Act – against the institution. Conversely, if top management or the board is resistant to addressing a systemic problem, then compliance officers may become scapegoats – or at least may feel like they are being made into scapegoats – for what is really an institutional problem. And that dynamic may motivate compliance officers or others to turn into whistleblowers. Under any scenario, financial institutions must be ready to respond appropriately to such internal reports.
Protection from Retaliation and Statutory Right of Action for Whistleblowers
Section 6315(g) of the NDAA addresses a core concern for potential whistleblowers – retaliation or retribution. The new protection provision, which repeals the prior retaliation protection provision at 31 U.S.C. § 5328, provides that employers may not “directly or indirectly, discharge, demote, suspend, threaten, blacklist, harass, or in any other manner discriminate against a whistleblower in the terms and conditions of employment or post-employment[.]” These broad protections extend to whistleblowers who report suspected wrongdoing to their employer as well as to the government, and may provide plaintiff’s lawyers with an additional retaliation claim in employment actions. In theory, certain compliance professionals may fall within the whistleblower definition on a perpetual basis making any adverse employment action more complicated.
The Act allows for whistleblowers to file a complaint with the U.S. Department of Labor for any retaliatory action taken and, if they do not receive a decision within 180 days, bring the complaint to federal district court and seek a jury trial. A successful whistleblower may be reinstated and potentially receive compensatory damages, double back pay, and reasonable attorneys’ fees. Of course, the Act provides that any whistleblower who knowingly or willfully provides false information or documents loses their entitlement to any potential award.
Take-Aways from the Act
The Act’s whistleblower provisions, and the publicity they have generated in the media and the plaintiffs’ bar, surely will increase pressure on financial institutions, particularly given the fact that AML compliance professionals are now specifically incentivized to report on their employers.
Although this situation yields no easy answers, we repeat our prior suggestions on how employers can best protect themselves from liability and legitimate whistleblowers from retaliation by employing some basic technical and legal controls.
- Employers should ensure that they have policies protecting whistleblowers from retaliation for reporting, in good faith, allegations of company wrongdoing. These policies should not lie on a shelf collecting dust; instead, they should be distributed to all employees and easily accessible on the employer’s intranet or other internal system.
- Employers should train their employees on these policies, and for anyone with supervisory authority, ensure that such training encompasses the concept of retaliation. It is important for supervisors and management to understand the prohibition on retaliation, as well as what kind of conduct can lead to potential retaliation and whistleblower claims.
- Employers should clearly document, in real time, their decision to terminate an individual’s employment. The timing of the decision and the protected activity is often the center of motions for summary judgment, and the timing can be problematic in the absence of evidence that establishes the employer made the decision prior to the protected conduct and/or for reasons unrelated to such conduct. In fact, the temporal proximity of the decision and protected conduct is often the reason courts will deny an employer’s motion for summary judgment.
- Human Resources and/or the Legal Department should review any adverse actions involving individuals whom the employer knows have engaged in protected activity to ensure that the employer is on firm footing proceeding with the adverse action notwithstanding the protected activity.
- The employer should document all materials provided to the employee and the date on which the employer provided such materials. If the employer suspects litigation, it should ensure that copies of all relevant emails and documents are preserved.
Whistleblowing On Foreign Corruption: The Kleptocracy Asset Recovery Rewards Act
At Section 9701 et seq. of the NDAA, the AMLA also contains the Kleptocracy Asset Recovery Rewards Act (“KARRA”), on which we previously blogged when it was proposed legislation. The KARRA provides awards for whistleblowers reporting “financial assets” stolen through “foreign corruption,” although it offers more limited rewards than the domestic program described above.
Over ten years ago, the U.S. Department of Justice announced its Kleptocracy Asset Recovery Initiative, which “redoubled commitment on behalf of the United States Department of Justice to recover” funds obtained by foreign government officials through bribes and kickbacks. As a result of this initiative, the Justice Department targeted those officials who retained bribes through forfeiture actions and whose actions were otherwise outside the scope of the Foreign Corrupt Practices Act (“FCPA”). As we blogged, FinCEN issued in June 2018 an “Advisory on Human Rights Abuses Enabled by Corrupt Senior Foreign Political Figures and their Financial Facilitators” to highlight the connection between corrupt senior foreign political figures and their enabling of human rights abuses. The global growth of kleptocracy, money laundering and tax evasion, and the links to human rights abuses and expanding income inequality, has been drawing increasing attention and concern. The KARRA appears to be the next logical step in this fight.
Although the KARRA envisions a future implementing regulations issued by the Secretary of the Treasury, it defines “financial asset” as “any funds, investments, or ownership interests . . . that on the date of the enactment of this section come within the United States or that come within the possession or control of any United States person.” Likewise, “stolen assets” are defined as “financial assets within the jurisdiction of the United States, constituting, derived from, or traceable to, any proceeds obtained directly or indirectly from foreign government corruption.” Finally, “foreign government corruption” is defined as “corruption, as defined by the United Nations Convention Against Corruption.” This definition is potentially both broad and vague.
The KARRA specifically seeks to reward individuals furnishing information that leads to:
(1) the restraining or seizure of stolen assets in an account at a U.S. financial institution (including a U.S. branch of a foreign financial institution), that come within the United States, or that come within the possession or control of any United States person;
(2) the forfeiture of stolen assets in an account at a U.S. financial institution (including a U.S. branch of a foreign financial institution), that come within the United States, or that come within the possession or control of any United States person; or
(3) where appropriate, the repatriation of stolen assets in an account at a U.S. financial institution (including a U.S. branch of a foreign financial institution), that come within the United States, or that come within the possession or control of any United States person.
Qualifying whistleblowers may be entitled to a reward of up to $5 million. The entire rewards program is limited to payments totaling $25 million on a yearly basis, although the Secretary of the Treasury may waive the $5 million ceiling, and the President may waive the $25 million ceiling. Previously proposed language that the whistleblower and any immediate family may be offered asylum or other protection measures to mitigate the risk of possible retaliation is gone.
The KARRA closes some gaps in current whistleblower protection for foreign government corruption information. It broadens the whistleblower protection otherwise found under the FCPA (as amended by the Dodd-Frank Act), which protects whistleblowers whose reports of bribery prohibited under the Act lead to the successful enforcement of the FCPA. The FCPA itself only applies to those who give bribes, rather than those who receive bribes, and the Department of Justice has used the criminal money laundering statutes in order to indict foreign officials who allegedly received bribes and who are beyond the reach of the FCPA. Under the KARRA, the information provided need only lead to the restraining, seizing, forfeiting, or repatriating of stolen assets and is not tied to the successful prosecution under the FCPA.