Online Exclusive, Op-ed

Bungling banks, Ponzi fraudsters and the failure of 'Know Your Customer'

If you haven't read the story of Daniel Fernandes Rojo Filho before now, I recommend you do so. It's a salutary and shocking tale … and a striking warning for those in charge of due diligence at banks.

Rojo Filho, a 48-year-old Brazilian national and self-proclaimed billionaire living in Florida, managed to open at least 17 bank accounts (signed in his own name) in mid-2014 at banks such as Citigroup Inc., JP Morgan Chase and Wells Fargo, though he was a known fraudster. (See the Bloomberg Business article, Ponzi Suspect's 17 Accounts Raise Questions, by Neil Weinberg, Oct. 8.)

In doing so he made a mockery of these banks' "Know Your Customer" (KYC) systems — systems that were supposedly tightened after the financial crash of 2008.

How did an individual whom the U.S. authorities investigated in 2009 about an alleged conspiracy (involving drug trafficking, money laundering and a Ponzi scheme), manage to so brazenly continue with his businesses? A simple web search by any banking compliance manager would have yielded plenty of clues to his identity.

According to court documents, as a consequence of his 2009 criminal actions, Rojo Filho and others were ordered to forfeit assets, including tens of millions of dollars in Lamborghinis, gold bars and other valuables. Ultimately, he agreed to further sanctions in 2013 when he forfeited another $25 million in accounts held by his children and businesses.

So when banks conducted their due diligence and KYC checks, one would assume that his name would raise a few red flags. But that didn't happen. Incredibly, the banks somehow missed the historical data and public records and allowed Rojo Filho to gain access to the financial systems once again. He didn't even need to use a fake name to secure the accounts — he applied in his own name and signed off using his own signature! He set up 17 of the accounts in his company's name, DFRF Enterprises, which is derived from his initials.

Not surprisingly, Rojo Filho is now facing several new charges, including an indictment in August that he allegedly used these new accounts to set up a sham investment scheme, based upon high-yield returns from non-existent gold mining operations. Other lawsuits are potentially heading his way, with the Securities and Exchange Commission (SEC) adding its weight to the process.

According to the Bloomberg article, Evans Carter, a Framingham, Massachusetts-based attorney who's bringing a class-action suit against Rojo Filho, summed up the shambles when he pointed out: "If the banks had just Googled this guy, they would have known enough to stay away."

Current KYC processes need work

Herein lies the problem with current KYC processes. As an expert in money laundering and asset recovery, I've written an enhanced due-diligence process for a project I'm heavily involved with in Colorado. The sensitive nature of that business means that the due-diligence model has to far exceed anything the financial services industry is undertaking. We have to assure that the model effectively surpasses any regulator demands.

Part of our process includes a desktop (online) investigation of all applicants. This means that we utilize all of the regular web and Internet search systems — online profiles, their presence on social media, links to causes, organizations or online associations, etc. — to identify a high risk individual. There's no way that we would have missed somebody like Mr. Rojo Filho.

Why haven't the SEC and U.S. prosecutors accused the banks of any wrongdoings because of their botched due diligence and KYC? By failing to take action the authorities are vindicating what is clearly a flawed process. It appears that the big players are exempt from sanctions that would've rained down on smaller organizations, which had fewer resources, had they also failed so dramatically.

Regardless, U.S. authorities have imposed heavy sanctions on global banks since the financial crisis in the region of $10 billion in settlements and penalties. U.S. agencies have levied these sanctions against banks for permitting actions such as money laundering. Money laundering on a global scale undermines the world economy — it can even undermine governments and state sovereignty. JPMorgan Chase, for example, had to pay $2.5 billion in settlements and penalties after admitting to what have been referred to as "oversight lapses" when handling the Madoff accounts. (See The Seattle Times article, Madoff-related fraud to cost JPMorgan $2.5 billion, by Larry Neumeister and Tom Hays, Jan. 8, 2014.)

But does the expression "oversight lapses" really summarize the events that led up to the biggest global Ponzi scheme, which destroyed so many lives, and resulted in hardship and lost life savings? JPMorgan Chase has reportedly spent $2 billion on improving its overall compliance and cybersecurity capabilities between 2012 and 2014, boosting its compliance staff levels to 30,000. Is that money well spent given the fact that they're once again being found to be so wanting?

Rojo Filho has (for the second time) proved that the U.S. banking system's KYC and due diligence processes are inadequate. The worrying thing is there probably are similar failings that have yet to be identified. Former federal prosecutor Cliff Johnson suspects that people like Rojo Filho could be flying under the KYC radar, appearing to be a low-risk client to branch employees, according to the Bloomberg article. Plus bank employees are rewarded for securing new business.

Surely it's in the interests of financial institutions to add a much more stringent desktop investigation process to the KYC process. How much would it cost for a bank to allocate 10 to 15 minutes of additional scrutiny? It would certainly be cheaper than the billions of dollars they've had to part with for failing to be compliant.

Martin Kenney is managing partner of Martin Kenney & Co., Solicitors, a specialist investigative and asset retrieval practice focused on multi-jurisdictional fraud cases, and was the Cressey Award recipient at the 25th Annual ACFE Global Fraud Conference. He can be reached at: | @MKSolicitors.