A Public Check-in On How the Top 10 US Banks Are Handling Financial Crime Risk

Vic Maculaitis
5 min readFeb 14, 2022


An Introduction

I looked at three (3) key factors in assessing how the Top 10 US banks are handling financial crime risk.

🎯 Factor 1: staying out of trouble.

🎯 Factor 2: a seat at the operating table.

🎯 Factor 3: the public perceptions of culture.

Per the Federal Reserve, these are the Top 10 US banks.

  1. JP Morgan Chase Bank
  2. Bank of America NA
  3. Wells Fargo Bank NA
  4. Citibank NA
  5. US Bank NA
  6. Truist Bank
  7. PNC Bank NA
  8. TD Bank NA
  9. Goldman Sachs Bank USA
  10. Bank of New York Mellon

Here are the collective results.

First Factor — Staying out of trouble…

US Government actions through the Department of Justice and/or the Department of the Treasury are typically good indicators of how well a bank has done in managing financial crime risk and compliance.

While almost impossible for a Top 10 bank to stay out of the crosshairs of the DoJ and Federal Banking Agencies — actions are typically taken with a significant lag between conduct, awareness (either self-identified/disclosed or identified through examination), and remediation. There is ample time for banks to have their affairs in order. Yet some conduct that reaches levels of criminality indicates that often times the banks choose to ignore risk and often times directly skirt regulatory obligations.

In researching public actions against the Top 10 banks I focused on those taken by the DoJ and FinCEN (as the administrator of the Bank Secrecy Act) since 2012. Other actions taken by OFAC or the Federal Banking Agencies are noted as binary (yes or no).

Notes: Seven (70%) of the Top 10 banks have entered into deferred prosecution agreements (“DPAs”) with the DoJ since 2014. Three (30%) of the Top 10 banks have received civil money penalties (“CMPs”) from FinCEN. All (100%) of the Top 10 banks have been subject to US Government actions.

Second Factor — A seat at the operating table…

Organizational structure is an excellent indicator of how a bank views the problem of financial crime, and ultimately how it manages its risk and regulatory compliance obligations.

Every US bank is required by Section 352 of the USA Patriot Act to designate a compliance officer. The FFIEC BSA/AML Examination Procedures provide some insight into the regulatory expectations of the officer’s authority, independence, and access to resources. However, where the officer sits and what title they carry is not specified by any rule or regulatory expectation.

Due to the un-specificity in title and administrative reporting, there is a lack of uniformity in titles and organizational structure throughout the banking industry. However, most of the time the designated officer will be found within a bank’s risk and/or compliance function.

I have long been an advocate for the designated officer to report administratively to the Chief Executive Officer (authority and access), with an unfiltered line to the bank’s Board of Directors (independence), holding the title — Head of Financial Crime.

In researching the public websites of the Top 10 US banks, it is apparent that none of the banks include a “Head of Financial Crime” amongst their “Executive Management Team”. All 10 banks included a Chief Risk Officer, but only Citigroup included a Chief Compliance Officer. In all instances it can be concluded that the Head of Financial Crime is (at minimum) layered and perhaps twice layered organizationally from the Chief Executive Officer.

Here are the source links and an illustration below:

JP Morgan Chase, Bank of America, Wells Fargo, Citigroup, US Bank, Truist, PNC Bank, TD Bank, Goldman Sachs, and Bank of New York Mellon.

Notes: None (0%) of the Top 10 banks include their Head of Financial Crime as part of the Executive Management Team and only one (10%) includes their Chief Compliance Officer.

Third Factor — The public perceptions of culture…

Culture begins with, as they say, a “tone from the top”. We all know that culture is more than that on a day to day basis, but public perception can only be measured by what we hear from the bank’s leadership.

Activists and really all shareholders should hear firm commitments and statements from a bank’s Chief Executive Officer regarding financial crime. Remember financial crime risk is really the facilitation of the underlying illicit activities (human trafficking, terrorism, frauds, etc.). Moreover, as we embark upon an era of being hyper sensitive to environmental, social, and governance (“ESG”) issues — how can shareholders not want to know that their bank (that they trust) takes financial crime very serious.

In this measurement I looked at a sample of the Top 10 bank’s annual reports. In two of the big four bank annual reports the term money laundering was mentioned one time, Citibank led the pack with four mentions of the term, and the other bank mentioned the term twice. The majority of reports also had nominal mentions of terms like fraud, sanctions, corruption, and/or cyber.

Lastly, I found no CEO letters to shareholders or the general public addressing the issue of financial crime.

Notes: None (0%) of the Top 10 banks have publicly available CEO letters or statements on financial crime. While a nominal amount of relevant terms were identified in parts of the sampled annual reports, none were meaningful (prioritized or amplified).

*Caveat — CEO and/or public statements regarding financial crime are typically found post-government action/settlement/remediation. In my opinion, those only further damage the perception of culture as only being serious or sorry after the fact.

The Factors Summarized

All of the Top 10 banks have been challenged in “staying out of trouble”. Yet, none of the Top 10 banks have elevated their Head of Financial Crime into the EMT. Moreover, CEOs are relatively quiet on the problem of financial crime.

There is a cyclical nature (and lag) to US Government actions. As we see time lapse from these bank’s actions, should we be concerned that the crosshairs are moving back towards them? We know that very talented and dedicated professionals are doing their best, but should we also be concerned that they are still undervalued (as a non-executive led non-revenue generating function)? When we see CEOs insert themselves into ESG issues without being just as loud on financial crime, should we worry that they remain distracted or disinterested?

One final thought to the check-in: does the crypto circus provide yet another window for bad guys to exploit the conventional financial system and for the conventional players to benefit from that without consequence?

Keep your 👀 on the ball, or in the case of financial crime, the 💰…