Financial institutions around the world invest millions of dollars in anti-money laundering compliance programs to prevent abuse by money launderers. These efforts still may become subjects of a government investigation that focuses on suspected internal criminal activity or financial information on another company or another person.
Compliance with subpoenas is crucial for financial institutions. Every financial institution should know how to react and what steps to take when the financial institution is served a subpoena. Regulators and law enforcement agencies increasingly expect financial institutions to treat subpoenas not merely as discrete legal requirements, but also as opportunities to gain information regarding possible problems with the organization or suspicious activity by others utilizing the financial institution.
A centralized review of all subpoenas, especially grand jury subpoenas, should also be part of the financial institution’s Anti-Money Laundering/Bank Secrecy Act (“BSA”) compliance program. Policies, procedures and training are critical to ensuring the confidentiality of grand jury subpoenas. The confidentiality of grand jury subpoenas is essential to avoiding the criminal liability arising from improper disclosure of the receipt or existence of such subpoenas to the targets of the investigation.
Financial institutions should establish a centralized “subpoena unit” to handle subpoenas and follow clear, well documented policies and procedures for appropriate responses to all subpoenas, as a best business practice.
Establishing a centralized subpoena unit is important to ensure consistent, coordinated and documented handling of all subpoenas. A subpoena unit may consist of a supervising attorney, the custodian of the records, a subpoena specialist and liaison document custodians located in different departments or lines of business in the financial institution. Normally the bulk of processing subpoenas need not involve the supervising attorney even though the attorney should supervise the subpoena efforts. The supervising attorney should have significant litigation experience both involving civil and criminal subpoenas and will also be responsible for updating the financial institution’s subpoena procedures on an ongoing basis. The supervising attorney should work with and train individuals with the responsibility for ensuring the financial institution comply with all subpoenas. In addition, the supervising attorney should serve as a resource for subpoena questions and problems.
The subpoena specialists who have been appropriately trained should process, track, and respond to subpoenas. If the financial institution receives a significant number of subpoenas and requires a large number of subpoena specialists, it should consider designating specialists by subpoena type or geographic region. This designation will assist in identifying trends that may merit further financial institution attention.
The subpoena response policies, procedures and practices should address (1) subpoena intake, (2) subpoena tracking, (3) risk assessment to identify non-routine subpoenas, (4) documentation of collection efforts, and (5) development and dissemination of reports on subpoenas to ensure compliance and effective analysis for suspicious activity reporting.
The subpoena response policy should outline that subpoenas received by anyone at the financial institution are stamped with the date and the location where it was received. All subpoenas must then be sent immediately to a centralized subpoena unit. When the subpoena is received by the centralized subpoena unit, the subpoena should again be stamped with a stamp specific to the subpoena unit that identifies the date the subpoena was received by the unit.
Immediately upon receipt, the centralized subpoena unit should log the subpoena in a centralized database. The subpoena tracking system database should include the date that the subpoena was received by the financial institution, the date it was received at the centralized subpoena unit, the due date, the issuing jurisdiction, the contact person from the issuing jurisdiction, the department employee responsible for responding, and the date that response materials were sent to the requesting party. The tracking database should also include a section for documenting any modifications to the subpoenas and any other communication. It may be beneficial, due to the importance of grand jury subpoenas, to keep these in a separate log. The subpoena should always be reviewed to determine whether the Right to Financial Privacy Act (“RFPA”) applies (which restricts the government’s ability to obtain personal financial information), and whether appropriate documentation is included for subpoenas that fall under the requirements of RFPA. When subpoenas are assigned to an outside counsel, financial institutions should ensure outside counsel keeps them informed on a regular basis regarding the status of collection, review and production efforts.
Examples of non-routine subpoenas include: grand jury subpoenas, requests for policies and procedures, requests relating to pending litigation, and requests relating to internal investigations. When a non-routine subpoena is received, special procedures may be followed for complying with the subpoena. In addition, any subpoena that indicates an investigation of the financial institution should receive special attention.
Subpoena specialists should always utilize standardized formats for requesting routinely documented information. It is very important to document any changes or modifications to the subpoena agreed to by the issuing party.
Financial institutions should consider preparing weekly or monthly subpoena reports for review by appropriate senior management personnel, including risk management and legal personnel. These reports should group subpoenas by type of issuing entity and include for each subpoena a description of the subject matter, the matter identification number, the issuer, the response date, the date of receipt and the status of the response effort. It is particularly important that the BSA compliance personnel receive the subpoena response reports. These reports may enable a financial institution to identify trends or issues, or particular suspicious activity that may warrant further action. BSA compliance personnel must communicate regularly with the subpoena response unit to evaluate whether subpoenas trigger the obligation to file a suspicious activity report.
If a financial institution does not follow a rigorous process for complying with each individual subpoena, these policies will be of little value. Particularly with respect to non-routine subpoenas, it is important to have a process where: responsive documents are preserved, identified, collected, and produced; the entire process is documented; confidentiality laws are followed; employees are properly trained; and the subpoena process is subject to regular audit and review.
Compliance with subpoena response obligations and related SAR filing requirements is an ongoing challenge for financial institutions. Proactive steps taken by the financial institution including: providing appropriate resources to respond to a subpoena, and establishing appropriate policies, procedures and practices for subpoena compliance, will help to mitigate the institution’s overall risk related to legal, compliance in regards to subpoenas and will minimize the possibility of civil and criminal penalties and possible reputational damage.
During her financial industry career expanding over 30 years, Kris Welch, has held positions in compliance and regulatory risk management, branch management and real estate appraisal. In addition, Kris has advised management in establishing, coordinating and maintaining effective financial institution compliance programs. Kris is a published author addressing financial industry issues of interest and holds the designations of Certified Regulatory Compliance Manager (“CRCM”) and Certified Anti-Money Laundering Specialist (“CAMS”).
For more information on this or other compliance related subjects, you may contact Kris by email:
email@example.com or by calling 720.242.7274 or 303.947.0899