WASHINGTON – The Financial Crimes Enforcement Network (FinCEN) today announced the assessment of a $4 million civil money penalty (CMP) against Gibraltar Private Bank and Trust Company of Coral Gables, Florida, for willfully violating federal anti-money laundering (AML) laws, known collectively as the Bank Secrecy Act. Since first warned of its deficiencies in 2010, Gibraltar’s compliance failures persisted until its primary regulator, the Office of the Comptroller of the Currency (OCC), placed Gibraltar under a Consent Order in 2014. The OCC today also issued a $2.5 million CMP against the bank.
Gibraltar’s substantial AML program deficiencies led to its failure to monitor and detect suspicious activity despite red flags. These deficiencies ultimately caused Gibraltar to fail to timely file at least 120 suspicious activity reports (SARs) involving nearly $558 million in transactions occurring during 2009 to 2013. These deficiencies also unreasonably delayed Gibraltar’s SAR reporting regarding accounts related to a $1.2 billion Ponzi scheme led by Florida attorney Scott Rothstein. Timely filed SARs play an important role in law enforcement’s detection of criminal activity. Mr. Rothstein was convicted in 2010 and sentenced to 50 years in federal prison.
“We may never know how that scheme might have been disrupted had Gibraltar more rigorously complied with its obligations under the law. This bank’s failure to implement and maintain an effective AML program exposed its customers, its banking peers, and our financial system to significant abuse,” said FinCEN Director Jennifer Shasky Calvery.
Gibraltar’s transaction monitoring system contained incomplete and inaccurate account opening information and customer risk profiles, which hindered its compliance staff from adequately spotting unusual account activity. Gibraltar also failed to sufficiently address an automated monitoring system that generated an unmanageable number of alerts, including large numbers of false positives, which caused significant delays in Gibraltar’s review. Gibraltar also failed to properly train its compliance staff, and failed to develop and implement an adequate customer identification program.
FinCEN coordinated its enforcement action with an action by the OCC. The assessment will be deemed satisfied by an immediate payment of $1.5 million to the U.S. Department of the Treasury, and by paying $2.5 million in accordance with the penalty imposed by the OCC.
FinCEN seeks to protect the U.S. financial system from being exploited by illicit actors. Its efforts are focused on compromised financial institutions and their employees; significant fraud; third-party money launderers; transnational organized crime and security threats; and cyber threats. FinCEN has a broad array of enforcement authorities to target both domestic and foreign actors affecting the U.S. financial system.