With the New York Department of Financial Services intending to fine Habib Bank $629.6 million (€530½ million), the bank has decided that it has no choice but to quit the United States.

The bank's New York branch is its only one in the country. In 2015, that branch was subject to a consent order by the NYDFS and a 'cease and desist' order by the Federal Reserve Bank of New York.

Habib Bank has been trying to 'remediate' its operations over the last two years, but the NYDFS remains unmoved. The actual penalty has not yet been imposed but merely proposed. Habib Bank is going to contest this in the scheduled administrative hearing and the courts of law in the United States, calling it "unjustified, capricious, unreasonable, not supported by facts or law and...time-barred."

The regulator has allowed Habib Bank (which had $1 billion in total revenues worldwide in 2016 and $24 billion in total assets) to submit a voluntary application for the orderly winding-down of its business in New York, which received its licence in 1978. Steps to formalise this will commence shortly.

A stinging rebuke

The NYDFS's charge sheet, criticising the bank for bad anti-money-laundering (AML) controls, starts off with a stinging rebuke: "The bank's compliance function is dangerously weak. Head office screening, which the branch has repeatedly relied on as an excuse for its own lax attitude regarding Bank Secrecy Act/AML safeguards, appears to be as weak as that of the Branch itself, if not even more inadequate. For these reasons...the branch should receive the lowest possible rating.

"Although the Bank has been given more than sufficient opportunity to rectify its deficiencies, it has utterly failed to do so, demonstrating a sheer inability to accomplish remediation, a stubborn unwillingness to do so, or both. Indeed, presently the New York Branch is losing key compliance staff due to resignations, including its chief compliance officer."

Previous agreements

The bank has never ceased to struggle to comply with a written agreement it made in 2006 with the NYDFS's predecessor. Its efforts to comply with the Bank Secrecy Act 1970 and the dictates of the US Office of Foreign Assets Control have broken down repeatedly and 'violations' have taken place in every year except 2009.

Things deteriorated and, after another regulatory visit in 2015, the bank signed a consent order with the regulator in December. In that year, the branch processed correspondent banking transactions (allegedly badly) to the value of $287 billion. Another visit in March 2016 revealed severe AML weaknesses as well. These included:

• bad BSA/AML compliance;
• bad training;
• 'insufficient' customer risk ratings, including risk-based foreign correspondent 'due diligence';
• not enough documents collected for "enhanced due diligence" (EDD) customers;
• bad senior management
• bad "head office governance, oversight, and documentation";
• no evidence for adequate OFAC/sanctions screening;
• bad independent testing for BSA/AML purposes;
• bad auditing at the branch, including bad rating methods on the part of the internal auditors; and
• weaknesses in data mapping and data integrity.

There were also 855 "batch-waived" (i.e. discounted en masse) transaction alerts that branch staff cleared without their superiors (either on the spot or in distant Karachi) writing down why. There was no evidence of sanctions screening for several financial products being offered at the branch.

The Al Rajhi connection

The branch's deficiencies are all the more worrying in view of Al Rajhi Bank having one of its largest US dollar clearing accounts. Al Rajhi, the largest private bank in Saudi Arabia which has often been linked to al Q'aeda in adverse media reports. HSBC, which itself had to pay a massive $1.9 billion in AML fines in 2012, had also had a questionable relationship with that bank in years gone by.

The regulator's visit found that Habib Bank's KYC/'customer due diligence' efforts regarding Al Rajhi Bank were deficient in terms of both administration and documentation. Nobody compared the correspondent account's expected activity with its actual activity. The NYDFS therefore concluded that the Al Rajhi account at Habib Bank's Head Office was engaging in downstream correspondent clearing activities for several of Al Rajhi's own affiliates in Malaysia, Jordan and elsewhere. 'Nesting' has always been a common method of laundering money at private banks and it allegedly took place with on record of such activity being kept in the 'customer file' on Al Rajhi at Habib Bank's New York office.

Message stripping and other misdeeds

In March 2016 the regulators also uncovered more than 13,000 transactions with SWIFT payment messages that omitted essential information, such as the identities of the ultimate originator and the beneficiaries, plus many instances in which someone had improperly aggregated many SWIFT payment messages into a single message for processing through the branch, making proper screening impossible.

Head Office in Karachi, moreover, had ruled out screening for more than 4,000 transactions, apparently because the parties involved were on a "good guy list" of already screened, low-risk people.

In fact, according to the NYDFS, 154 terms on the list corresponded exactly to entries on the Specially Designated Nationals (SDN) and Blocked Persons List issued by the US Treasury. Among the terms on the list were prohibited persons and entities identified on the SDN list corresponding to:

• a transaction that involved the leader of a Pakistani terrorist group;
• a transaction that involved a known international arms dealer;
• someone on the Specially Designated Global Terrorist list;
• the former deputy prime minister of Iraq under Saddam Hussein; and
• an Iranian oil tanker involved in a transaction.

Because of this list, it is alleged that at least $250 million in transactions flowed through the New York Branch without any screening.

There were several instructions to withhold the name of a transaction's beneficiary or other pertinent information, known as "wire-stripping." These included an instruction (from a customer of the bank) to cancel a SWIFT payment message to an individual included on the SDN list in the amount of 11,226,796 Pakistani rupees (approximately US$107,000), so that the message could be re-sent by intentionally omitting the prohibited party's name.

Several payments adding up to more than $27,000 were allegedly sent to an account at Habib Bank's Head Office associated with an alleged cybercriminal wanted by the Federal Bureau of Investigations. The account holder was charged with wire fraud, identify theft and theft of US$50 million in 2012 in a warrant and was arrested in Pakistan in February 2015. He opened four of his five accounts after being added to the FBI "most wanted" list.

The number of charged violations of law, regulations, orders and agreements comes to 53.