The Board of Governors of the Federal Reserve System has announced two enforcement actions against Deutsche Bank AG, an international bank based in Frankfurt, Germany, and several of the bank’s affiliates in New York – the bank’s New York branch, several intermediate holding companies and their subsidiaries (together, “Deutche Bank”).
The first action resulted from violations of consent orders entered in 2015 and 2017 following investigations of Deutsche Bank’s anti-money laundering and sanctions compliance practices. The 2015 order, for which the bank paid a $58 million civil money penalty, was based primarily on US sanctions compliance failures. It required Deutsche Bank to engage a third party to conduct annual sanctions compliance reviews, and to implement enhanced sanctions compliance procedures. The 2017 consent order, which resulted in a $41 million civil money penalty, arose from deficiencies in the US affiliates’ Bank Secrecy Act compliance, particularly in regard to Deutsche Bank’s relationship with the Estonian branch of Danske Bank A/S.
Beginning in 2018, the Federal Reserve Bank of New York conducted several examinations, and found that Deutsche Bank had made insufficient progress toward compliance with either order, leaving the bank’s US operations exposed to high levels of compliance risk, with insufficient internal controls to enable the bank to detect money laundering or sanctions violations activity. In light of these findings, the Board entered into a consent agreement with Deutsche Bank, whereby the bank agreed to cease and desist from further violations, and to remediate the unsafe and unsound practices by:
- Improving systems and data to support the bank’s AML and US sanctions transaction monitoring, particularly with respect to higher risk business lines. This includes conducting data trace analyses, and submitting a plan to remediate data gaps identified by the analyses.
- Implementing a customer due diligence program for medium- and high-risk clients in the higher risk business lines, and;
- Establishing a framework for transaction monitoring, completing effective AML risk identification, setting risk-appropriate alert thresholds, and improving processes so that suspicious activity can be identified and reported.
Additionally, the consent order requires the bank to complete the OFAC compliance review described in the 2015 order, and to allocate adequate financial, staffing, and managerial resources to comply with the 2015, 2017 and present orders.
Pursuant to the consent order, Deutsche Bank must pay a civil money penalty of $186,392,035, composed of civil money penalties of $140,192,035 assessed in connection with violations of the 2015 and 2017 orders, and $46,200,000 assessed because of the unsafe and unsound practices relating to the bank’s BSA and AML control failures in its governance of the relationship between Deutsche Bank Trust Company Americas (one of the bank’s New York affiliates that is party to the consent order) and Dankse Bank Estonia. Pursuant to the order, Deutsche Bank must submit quarterly progress reports to the Federal Reserve.
The second action announced by the Federal Reserve involves the same Deutsche Bank entities and affiliates, but focuses on DWS USA Corporation, an asset management intermediate holding company that is majority-owned by Deutsche Bank. To address deficiencies in governance, risk management and internal controls across the bank’s US operations, it entered into a written agreement with the Federal Reserve. Pursuant to the agreement, Deutsche Bank must submit a three-point plan to the Federal Reserve aimed at enhancing the oversight, effectiveness and comprehensiveness of the bank’s US Transformation & Remediation Office (“USTRO”). The plan must include: measures to enhance the stature, breadth and expertise of the USTRO; measures to ensure effective outcomes from remediation plans, focusing on timelines, data integrity, and resource management, and; measures to ensure proactive communication by the USTRO of concerns about the remediation plan. The written agreement also requires Deutsche Bank to submit a written risk model risk management plan, a risk and control self-assessment, a written plan for the completion of the enhancement of its liquidity risk management function within the bank’s US operations, and a written plan describing the bank’s compliance with the Federal Reserve’s regulatory reporting requirements. Quarterly progress reports describing the bank’s formulation of, and compliance with, these plans must be submitted to the Federal Reserve.
In a statement to the media on July 19, 2023, Deutsche Bank said that the consent order and written agreement related to the bank’s “historic tardiness in adhering to older enforcement actions and agreements, as well as correspondent banking relationship we exited in 2015…. We also recognize that these actions reinforce the need to ensure we stand by our commitments and close our remediation obligations in the near future.” The bank goes on to describe the actions it has taken to strengthen its compliance processes, including increasing the size of its global anti-financial crime team by more than 25 percent.