News

The $390 million in penalties assessed against Capital One in the past two years for deliberate anti-money laundering violations reveals the sometimes sluggish and opaque manner in which U.S. regulators pursue enforcement, sources told ACAMS moneylaundering.com.

Officials with the Treasury Department’s Financial Crimes Enforcement Network disclosed the latest penalty Friday, fining the McLean, Virginia-based institution $290 million for failing to adequately monitor the cashing of millions of dollars worth of checks by more than 100 customers from 2008 until the bank exited the business in December 2014.

As a result of these lapses, tax evaders, fraudsters and other financial criminals, including Domenick Pucillo, who pleaded guilty in 2019 to laundering the proceeds of loan sharking and illegal gambling for the Genovese crime family, successfully funneled millions of dollars through Capital One, FinCEN found in a 22-page assessment of the civil monetary penalty.

The bureau disclosed the penalty roughly six-and-a-half years after the last violation occurred, and a little more than two years after the Office of the Comptroller of the Currency fined the lender $100 million for AML deficiencies that the regulator first identified in a July 2015.

FinCEN took the OCC’s actions into account. But the OCC’s 2015 and 2018 consent orders did not address the lender’s “willful” failure to abide by the Bank Secrecy Act when serving check-cashing clients, focusing instead on its subpar controls for remote deposits and correspondent banking.

That the violations flagged by FinCEN appear to have occurred contemporaneously with those cited by the OCC raises questions over the sequence and timing of the three enforcement actions, said Jim Richards, former head of BSA compliance at Wells Fargo.

“The OCC examined Capital One every year for BSA,” Richards, now principal of RegTech Consulting in California, wrote in an email. “How can this check cashing group activity have gone on for seven years without the OCC (apparently) doing anything about it? And why did it take FinCEN six years (since the OCC’s original 2015 consent order) to resolve this?”

Prior to Friday’s penalty against Capital One, FinCEN over the past 10 years had disclosed 16 enforcement actions against banks.

Fourteen of those previous actions covered violations that occurred in the four years prior to the date FinCEN took action against them, and only two—a January 2014 penalty against JPMorgan Chase and a February 2015 penalty against First National Community Bank of Pennsylvania—addressed breaches that, like Capital One’s, happened at least six years before.

The group

Capital One established the check cashing group, or CCG, under the tent of its commercial unit’s “middle market lending” division in 2008 after acquiring several regional banks, including North Fork Bank and between 90 and 150 of its check-cashing customers in New York and New Jersey.

The bank used armored cars to deliver these customers—usually storefronts that charged individuals and businesses a fee to convert their checks into currency—the banknotes they needed to operate, and processed the checks they collected through more than 1,000 accounts.

Examiners for the OCC had previously identified AML lapses at North Fork Bank, particularly its check-cashing group, and at a second regional lender, Hibernia Bank, which Capital One acquired in November 2015, FinCEN noted Friday. The regulator then flagged those lapses to Capital One.

Separately, in 2008, an unidentified CCG customer of Nork Fork Bank faced criminal charges related to their work, providing Capital One with yet another “early warning” of the vulnerability of the check-cashing business it had assumed by moving into the regional market.

“CONA [Capital One National Association] responded to these issues and risks by implementing certain AML controls, but these efforts … failed to effectively address the illicit finance risk associated with the CCG,” FinCEN claimed Friday.

Compliance officers at Capital One ranked nearly all the new check-cashing clients among the top 100 of the bank’s 6,000 highest-risk clients, enterprise-wide. C&F Inc., a check-cashing firm controlled by Domenick Pucillo, ranked 21st.

The rating triggered enhanced due-diligence reviews on a semiannual basis, including negative-news screening and transactional analysis, but the lender failed to properly identify and investigate suspicious activity, such as patterns and volumes of payments that departed from the norm, FinCEN found.

“As long as the activity appeared to be related to the business model … or had a ready explanation for deviations … [it] was deemed ‘reasonable’ and the initial high-risk alert was closed without further action,” the bureau found. “Although CCG accounts were reviewed again after initial reviews, often these further reviews were perfunctory.”

Capital One also flopped the implementation of a data-filtering tool, the “large item report,” or LIR, which was established for the specific purpose of keeping tabs on check cashers’ customers who sought to exchange checks of more than $9,000.

“In December 2010, CONA made a change to the way its transactional data streams were coded for all customers, which caused checks cashed at several CCG customers, including … all of Pucillo’s check-cashing businesses … to not appear on the LIR until 2013,” FinCEN noted. “In August 2012, CONA made a generally applicable coding change, which caused all of the remaining CCG customer data streams to disappear from the LIR.”

AML staff reported the issue to Capital One’s technical support in September 2012, but waited until July 2013 to order a “voluntary lookback” of all transactions that missed inclusion in the LIR in the year that the tool failed to function.

From January 2009 to December 2013, AML staff also warned their managers of suspicious activity pertaining to at least 30 CCG customers, including “excessive corporate check cashing,” “structured third-party checks” and transactions that appeared to stem from “a medical fraud ring.”

Instead of acting on the suspicions of compliance employees, bank managers directed them request more information from the bank’s business side.

Compliance personnel subsequently accepted what FinCEN characterized as “vague and implausible” explanations, ranging from “Hurricane Sandy work,” to a “high number of customers in February because of tax refunds being cashed at the stores,” to “aggressively looking to manage down excess currency.”

Capital One did not file a single suspicious activity report on a check casher until October 2009, and afterwards continued to disregard the red flags they raised “even as it detected and reported activity by the check casher’s customers.”

Pucillo controlled six check-cashing firms that had accounts at Capital One, making him the fourth-largest client of the bank’s CCG. He managed to evade scrutiny for the entirety of his 5-year relationship with the bank, even after evidence of his links to organized crime emerged in early 2012 and learning that he faced federal money-laundering charges in Jan. 2013.

“Despite this information, from this point until Dec. 13, 2013, CONA allowed Pucillo’s entities to conduct over 20,000 transactions valued at approximately $160 million through 23 CONA deposit accounts, including cash withdrawals,” FinCEN found. “During this approximate one-year window, CONA failed to formally identify or report any suspicious activity naming Pucillo or his entities.”

James Candelmo, who joined Capital One in 2016 as chief AML officer to address the compliance violations that ended in 2014, did not return calls seeking comment on FinCEN’s action.

OCC

The civil monetary penalty against Capital One covers “blatant violations” that stem from an exceptionally high-risk financial product, Ross Delston, an AML attorney in Washington, D.C., said, adding that the OCC’s apparent decision to not address those breaches in 2015 or afterwards is unusual.

“This might signal a regulatory lapse on the part of the OCC,” Delston said. “Why didn’t examiners spot this conduct earlier through the risk-based approach they are supposed to use when examining banks?”

FinCEN’s penalty acknowledges the OCC’s 2015 and 2018 consent orders against Capital One “for related conduct at issue in this matter,” but does not further specify how the agency’s actions overlap with its own.

OCC consent orders typically explain violations in general terms while outlining the proposed steps for remediation.

In the 31-page order from July 2015, the agency found that Capital One used deficient systems to monitor transactions and manage risks tied to remote deposit capture, did not adequately vet correspondent clients and failed to report “significant” volumes of suspicious activity.

In August 2018, the OCC issued a second consent order against Capital One after determining that the lender had failed to eliminate the previously cited deficiencies in a prompt fashion and still lagged in reporting suspicious payments. Neither the first or second order, which came with a $100 million fine, mentioned check cashing.

FinCEN’s delay in taking action may stem from the bureau’s relatively small, overworked staff, said Dan Stipano, former deputy chief counsel for the Office of the Comptroller of the Currency.

“The result, however, is that FinCEN sometime assesses penalties not only years after the violations were committed, but also after they were remediated,” Stipano, now a partner at Davis Polk & Wardwell in Washington, D.C., told ACAMS moneylaundering.com.

The OCC terminated its enforcement action against Capital One on Nov. 4, 2019, after finding that the lender had finally complied with its terms.

FinCEN also recognized Capital One’s cooperation in self-disclosing the violations, back-filing more than 50,000 currency transactions reports in 2011 and voluntarily exiting the check-cashing business by December 2014.

“The OCC’s previous comprehensive orders were taken based on its examination and investigative findings of the bank’s BSA/AML weaknesses and address related deficiencies contributing to the issues identified by FINCEN in its order,” a spokesperson for the regulator told moneylaundering.com.

Contact Valentina Pasquali at vpasquali@acams.org