The New York State Department of Financial Services (DFS) recently fined Mashreq Bank $40 million after it was determined that the branch’s New York location had inadequate OFAC (Office of Foreign Assets Control) and U.S. Anti-Money Laundering (AML) systems in place.

The bank clears more than US$350 billion in transactions annually, with many clients located in the high compliance risk regions of Southeast Asia, the Middle East and North Africa.

The DFS conducted two examinations of Mashreq Bank’s procedures and policies in 2016 and last year. While no specific willful violations were uncovered, the reviews found multiple deficiencies with their compliance program.

While this case involves a bank, the following key takeaways applies to non-bank businesses, as well:

  1. Set aside sufficient manpower to review compliance alerts
    • Questionable transactions should be dealt with in a timely manner, reducing the risk of compliance violations
  2. Have a proper audit trail in place
    • Make sure that the rationale for waiving certain transactions or cases are properly documented in case of a government review later
  3. Implement a robust OFAC and related sanctions screening system together with appropriate infrastructure including procedures and policies
    • While Mashreq Bank implemented a new sanctions screening system, there were gaps in execution, especially with regards to vetting compliance alerts. Additionally, DFS found that Mashreq’s “transaction monitoring system was not properly calibrated to monitor risks associated with certain common scenarios” and that its compliance infrastructure was not sophisticated enough

The DFS accused the bank of failing to comply with previous warnings issued in both 2016 and 2017. According to them, “despite some progress, the bank failed to fully correct a number of deficiencies in the branch’s compliance program.”

“Mashreqbank failed to fully comply with critical New York and federal banking laws aimed at combating international money laundering, terrorist financing and other related threats,” DFS Superintendent Maria Vullo said in a statement.

In response, the bank accepted the $40 million fine and made it clear that it would not appeal it. A spokesperson for the company stated that the company was devoting “substantial financial and corporate resources” to improving legal compliance at the New York branch in question.