MIAMI – Miami-based Gibraltar Private Bank and Trust Co. was fined $4 million, including $2.5 million in civil money penalties (CMP), earlier this year by the U.S. government over lapses that allegedly included not reporting suspicious transactions linked to a Ponzi scheme, but additional steps are needed to rectify the situation.

These steps will bring the company into compliance with the Bank Secrecy Act (BSA) and Annuzio-Wylie Anti-Money Laundering Act (AML), Stephanie Collins, a spokeswoman for the U.S. Treasury Department's Office of the Comptroller of the Currency (OCC), said in an email to the Florida Record.

"While the CMP was completed upon payment, the cease-and-desist order requires it to revise its policies, procedures and systems related to its BSA/AML compliance program," Collins said. "OCC examiners continue to monitor the bank’s work to comply with those requirements."

Gibraltar did not respond to requests for comment.

Much attention has been paid to Gibraltar's alleged failure to report suspicious transactions linked to convicted and disbarred attorney Scott Rothstein. Rothstein, former managing shareholder, chairman and CEO of the now-defunct Rothstein Rosenfeldt Adler law firm, allegedly ran a Ponzi scheme that cost investors more than $1 billion.

Rothstein turned himself in to authorities in December 2009 to face charges he violated the Racketeer Influenced and Corrupt Organizations (RICO) Act. The following January, Rothstein, as part of a plea agreement, pleaded to five felonies and was sentenced to 50 years in prison. Rothstein is part of the witness protection program and is serving his time in an undisclosed U.S. prison.

Approximately 30 others accused of cooperating with Rothstein's scheme were sentenced to jail time.

For its part, Gibraltar was charged with willfully violating the Bank Secrecy Act and the Anti-Money Laundering Act. Though warned in 2010 about government-documented deficiencies, Gibraltar allegedly did not address compliance issues until the Office of the Comptroller of the Currency took action in 2014.

Regulators said those compliance issues are what caused Gibraltar's failure to report suspicious activity on at least 120 documented occasions between 2009 and 2013, transactions that totaled almost $558 million.

Gibraltar, its board and various committees received notice it had 45 to 90 days to comply with 14 articles of a comptroller consent order first issued in 2014. Under those 14 articles, Gibraltar must establish and maintain a compliance committee of directors who are not employees, former employees, controlling shareholders of the bank or any of its affiliates, or family members of any of those groups. This committee must meet at least once a month and submit a written progress report to the board within 30 days of the end of each calendar quarter.

Gibraltar also must develop a strategic plan that includes objectives such as the bank's overall risk profile, earning performance, growth, balance sheet mix, off-balance sheet activities, liability structure, and capital and liquidity adequacy; as well as continue to achieve and maintain certain minimum capital ratios. 

It also must develop, implement and ensure the bank’s adherence to corporate governance and decision-making processes; engage a qualified independent consultant or firm to perform a complete review of the bank’s BSA/AML compliance program, which must include internal controls, independent testing, training, and an evaluation of the BSA/AML officer’s performance and the board’s oversight; revise, implement and  ensure the bank’s adherence to a written program of policies and procedures that comply with the Bank Secrecy Act; develop, implement, and ensure the bank’s adherence to expanded due diligence and risk management procedures for all existing accounts and new accounts that pose greater than the normal risk for compliance with the Bank Secrecy Act; and revise, implement and ensure the bank's adherence to a written program of policies and procedures for the bank to monitor for suspicious activities.

Finally, it must maintain an integrated, accurate monitoring system for all bank areas; ensure adherence to an independent, internal audit program; develop a written program of policies and procedures to provide for compliance with the Bank Secrecy Act within the bank's Wealth Management Department; engage an independent third-party consultant to verify all transactions $100,000 or greater since Jan. 1, 2013, are accurate and complete; and correct each violation of law, rule or regulation cited by the ROE, or brought to the board’s or bank’s attention, in writing by management, regulators, auditors, loan review or other compliance efforts.

"Although the bank is by this order required to submit certain proposed actions and programs for the review or prior written determination of no supervisory objection of the director, the board has the ultimate responsibility for proper and sound management of the bank," the consent order said.

More News