On January 8, the United States District Court for the District of Minnesota denied a motion by Thomas Haider, MoneyGram’s former chief compliance officer, to dismiss a government complaint seeking to hold him personally liable for a $1 million civil penalty for MoneyGram’s violations of the Bank Secrecy Act (BSA).

In particular, the court upheld the government’s theory that the BSA allows individual liability for willful violations of the Act’s requirement to maintain an effective anti-money laundering (AML) program, and that such violations can occur when a compliance officer fails to prevent willful AML program violations by his financial institution.

This represents only the second time that the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has sued to enforce a civil penalty (the last was in 1994), and this decision appears to be the first to interpret FinCEN’s authority to impose individual liability for AML program violations. It will add fuel to a broader effort by FinCEN and other regulators to hold individuals accountable for AML related failures at their institutions.

MoneyGram entered into a deferred prosecution agreement in 2012 with the Department of Justice in which it admitted to willfully violating the BSA by failing to maintain an effective AML program in relation to repeated incidents of fraud conducted through MoneyGram agents.

FinCEN then assessed a $1 million individual civil penalty against Haider in December 2014, alleging that he violated the BSA’s AML program and suspicious activity reporting provisions by willfully failing to ensure that MoneyGram complied with its BSA obligations on the same facts. The United States Attorney for the Southern District of New York simultaneously brought suit on FinCEN’s behalf to obtain a judgment enforcing the assessed penalty, and also sought to bar Haider from participating in the affairs of a financial institution for a period of years to be determined at trial, the first time FinCEN has sought such an injunction.

Haider argued that he could not be held liable for violations of 31 U.S.C. § 5318(h) because it refers only to the obligation of “financial institutions” to maintain AML programs and does not specify any obligation for individuals, in contrast to other requirements that do. The court rejected this argument, reasoning that the statute’s general civil penalties provision at 31 U.S.C. § 5321(a), establishing penalties for any “domestic financial institution” or “partner, director, officer, or employee” thereof that willfully violates any provision of the BSA except for two excepted provisions, implied the availability of individual liability in non-excepted sections like § 5318(h).

The court also rejected Haider’s argument that the government’s assessment of a civil penalty against him without a prior administrative hearing before a neutral arbiter denied him due process. The court agreed with the government that the assessment itself did not deprive Haider of any property interest because the government was required under the structure of the BSA to file a civil action to enforce it, with factual issues of liability to be determined at trial on a de novo standard of review after full discovery. This holding is consistent with previous BSA actions, but represents a significant difference between enforcement under the BSA and enforcement by other financial regulators, where administrative proceedings before the assessment of a penalty result in a deferential standard of review by federal courts on a record compiled by the agency.

Although it means a harder road for FinCEN to enforce its assessments, FinCEN’s action against Haider demonstrates a willingness to pursue in court such enforcement in cases where settlement cannot be reached, and to take risks to reach individual liability.

The court further upheld the government’s use of criminal grand jury information from the MoneyGram prosecution to support its civil assessment and complaint, declining to review another court’s order permitting disclosure of the materials under 18 U.S.C. § 3322(b). Section 3322(b) allows courts to order disclosure of matters occurring before a grand jury in an investigation of a “banking law violation” (defined to include the BSA) to a “Federal or State financial institution regulatory authority” for “use in relation to any matter within the jurisdiction of such regulatory agency.” Reported cases on this section are rare, and this is the first to suggest that FinCEN may avail itself of this provision.

Banks and other financial institutions should anticipate going forward that FinCEN may use information from money laundering and other banking law grand jury investigations as a basis to bring its own civil enforcement actions under the BSA.

The court deferred ruling to allow further factual development on Haider’s arguments that: (1) the government’s claim for equitable relief is punitive in nature and therefore barred by the general statute of limitations at 28 U.S.C. § 2462 for civil penalties; and (2) alleged bias by FinCEN’s Director and alleged leaks by FinCEN personnel about the case deprived him of due process. The court also deferred ruling on whether FinCEN’s penalty determination would be reviewed on an abuse of discretion standard, as has been the practice in other BSA cases.

FinCEN’s action continues a trend toward holding individual corporate officers, and in particular compliance officers, liable for failings at financial institutions. These include: (1) the Financial Industry Regulatory Authority’s (FINRA) February 2014 penalty against Brown Brothers Harriman’s global AML compliance officer for AML violations there; (2) the DOJ’s September 2015 “Yates memo” announcing changes to DOJ policy to further leverage corporate cooperation credit in order to prosecute culpable individuals; (3) the Securities and Exchange Commission’s (SEC) April 2015 penalty against the chief compliance officer of Black Rock Advisors, LLC, for contributing to breaches of conflict of interest reporting requirements; (4) the SEC’s June 2015 settlement with the chief compliance officer of SFX Financial Advisory Management Enterprises for compliance failures that contributed to a corporate officer’s alleged misappropriation of client funds; and (5) a rule proposed in December 2015 by the New York Department of Financial Services that would impose detailed requirements for the operation of AML and sanctions-related compliance programs and require compliance officers to certify annually that programs at their institutions comply with these requirements, with criminal penalties for false or incorrect certifications.