Rabobank NA 2018: $369M Enforcement Action

What happened?

Rabobank NA, a California-chartered bank serving agricultural communities and the US subsidiary of Dutch cooperative Rabobank Group, pleaded guilty in February 2018 to a single federal felony: conspiracy to obstruct examination of a financial institution under 18 U.S.C. § 1517. The bank agreed to pay more than $360 million in criminal fines and forfeitures.

The underlying AML failures were years in the making. According to the DOJ press release, Rabobank NA failed to implement and maintain an effective BSA/AML compliance program. The bank operated branches near the US-Mexico border in California's Imperial Valley, where cash-intensive businesses and cross-border transaction flows created elevated money laundering risk. Regulators alleged that drug trafficking proceeds moved through accounts at those branches without adequate monitoring or reporting.

What turned this into a criminal case wasn't the AML failures alone. The OCC had flagged BSA compliance concerns during earlier examinations. Rather than remediate and report honestly, bank compliance officers allegedly provided misleading information to OCC examiners, concealing the depth of the problems. The DOJ described this as deliberate.

Individual criminal charges were filed separately against former bank compliance officers. The Dutch parent, Rabobank Group, was not subject to the US criminal action. Rabobank NA subsequently wound down its US banking operations. No monitorship was required; there was no ongoing business to monitor.

What did regulators say?

The DOJ was direct. The official press release stated that Rabobank NA "failed to implement and maintain an effective [BSA/AML] program" and that compliance officers "intentionally impeded" the OCC's ability to examine the bank's compliance with federal law. Prosecutors described this as going beyond negligence: the compliance function was actively concealing known problems rather than fixing them.

The OCC took concurrent enforcement action through its own authority over national banks. The OCC's enforcement actions database reflects the OCC's separate resolution, which addressed specific BSA programmatic deficiencies independent of the criminal obstruction charge. The dual-agency structure, criminal prosecution by DOJ alongside prudential enforcement by OCC, has become a standard model in major BSA cases since this resolution.

Prosecutors characterized the case as a clear example of what happens when a compliance function works against regulators rather than with them. The acting Assistant Attorney General emphasized personal accountability: individuals in the compliance function who obstruct examination face criminal liability, not just the institution.

The guilty plea, rather than a deferred prosecution agreement, mattered. A DPA leaves open the possibility of charges being dropped on completion of remediation. A guilty plea is a criminal conviction. Combined with individual charges against compliance officers, the resolution signaled that regulators would treat obstruction of examination as a standalone serious offense, regardless of whether the underlying AML failures were remediable.

What controls failed?

The failures at Rabobank NA ran across the entire AML program structure.

Transaction monitoring wasn't calibrated for the bank's actual risk profile. The bank's branches near the US-Mexico border operated in a high-cash corridor where drug trafficking proceeds were, regulators alleged, actively flowing through customer accounts. Monitoring systems that might have been adequate for a low-risk geography were running against transactions they weren't designed to catch. Alerts that should have triggered SAR review didn't, or were generated and not escalated properly.

Customer due diligence was insufficient. FATF Recommendation 10 requires financial institutions to apply risk-based CDD and enhanced measures for high-risk customers. The bank's processes failed to reflect the elevated risk of its border-region customer base. High-risk customers weren't rated as such; enhanced due diligence wasn't applied where the risk profile demanded it.

SAR filing was deficient. The Bank Secrecy Act requires banks to file Suspicious Activity Reports when they know, suspect, or have reason to suspect transactions involve illegal proceeds. The documented failure to file on drug trafficking transactions was a direct BSA violation, separate from the obstruction charge.

The governance failure was the most consequential. Compliance functions exist to detect problems and escalate them. At Rabobank NA, the compliance function detected problems and concealed them. When the OCC came to examine, compliance officers provided inaccurate information rather than accurate disclosures. 12 CFR Part 21 requires national banks to maintain BSA programs and cooperate with OCC examination. The bank's compliance team violated both simultaneously, which is what produced the criminal charge.

Which regulations were violated?

The primary criminal charge was conspiracy to obstruct examination of a financial institution under 18 U.S.C. § 1517. This statute specifically criminalizes interference with a federal regulator's examination of a financial institution. It's a standalone offense: a bank can face this charge even if its underlying AML program is technically adequate, simply because compliance officers lied to examiners. That's a distinction many compliance teams don't appreciate until it's too late.

FinCEN administers the Bank Secrecy Act and requires US financial institutions to maintain written AML programs covering four core elements: internal controls, independent testing, a designated BSA/AML compliance officer, and ongoing employee training. Rabobank NA's program failed materially on multiple elements.

12 CFR Part 21 is the OCC's BSA compliance regulation for national banks, setting specific programmatic obligations. The OCC's enforcement action cited failures under this regulation, separate from the DOJ criminal case.

SAR filing requirements under FinCEN rules require banks to file within 30 days of detecting suspicious activity. Failure to file on drug trafficking proceeds was a documented violation.

Internationally, the violations map directly to FATF Recommendation 20 on reporting suspicious transactions. The FATF standards framework represents the baseline the US BSA regime is built on, and failures at the domestic level generally reflect failures against international standards too.

Which typologies were involved?

The central typology is drug proceeds placement and layering through a geographically exposed bank.

Rabobank NA's branches in California's Imperial Valley and adjacent border communities created direct exposure to cross-border drug trafficking flows. Bulk cash, regulators alleged, was deposited through accounts at the bank and moved without adequate scrutiny. This is placement-phase laundering: using a nearby financial institution to convert drug sale proceeds into account balances and then move them into the broader financial system.

The geographic risk angle deserves attention. Banks near high-trafficking land borders see transaction patterns qualitatively different from low-risk geographies: more cash, more cross-border movement, more small businesses with variable income that provides natural cover for irregular deposits. Running standard enterprise-wide monitoring parameters in that environment is a control gap, not a program. Rabobank NA's failure to calibrate monitoring for geographic risk is a mistake many institutions still make.

The correspondent banking risk dimension is also worth noting. FATF Recommendation 13 applies when a financial institution provides gateway access to the broader system on behalf of others. Border-region banks operating as conduits for cross-border cash flows carry obligations that resemble correspondent banking risk management in practice, even when the formal relationship doesn't exist.

The second typology is compliance obstruction as an institutional failure. When compliance officers suppress alerts and mislead regulators, no monitoring framework catches what the compliance team is actively hiding. FATF Recommendation 20 assumes the institution is reporting in good faith. When that assumption breaks, the entire detection architecture collapses.

Aftermath and remediation

The total payment of over $369 million covered criminal fines and forfeitures under the DOJ resolution. The breakdown between fine and forfeiture components was specified in the plea agreement and related court filings, accessible through DOJ case records.

The OCC's concurrent enforcement action addressed BSA programmatic failures under 12 CFR Part 21 separately from the criminal proceedings. Each agency acted within its own authority. The total penalty reflects both tracks combined, which is now a standard structure for major BSA resolutions.

Individual accountability was part of the outcome. Former Rabobank NA compliance officers faced separate federal criminal charges related to their alleged roles in the obstruction. The DOJ was explicit that this was a deliberate enforcement choice: institutional fines alone were insufficient, and individuals who actively concealed compliance failures from regulators would face personal criminal liability.

Rabobank NA didn't survive as an operating institution. The bank wound down US banking operations following the resolution. Rabobank Group, the Dutch parent, absorbed the penalties and exited the US market. No standard compliance monitorship was appointed; such appointments apply to institutions continuing in business under remediation, which wasn't the case here.

The guilty plea rather than a DPA carried a lasting reputational cost. A criminal conviction follows the institution permanently in any regulatory filing or licensing context, as distinct from a DPA that resolves on completion of agreed remediation steps. For a Dutch cooperative banking group, having a US subsidiary convicted of a federal felony was a significant outcome with no recovery path short of exiting the market entirely.

Lessons for other institutions

The Rabobank NA case produces several lessons compliance teams can act on today.

Geographic risk must drive monitoring calibration. Under FATF Recommendation 1 and the Bank Secrecy Act, institutions must calibrate controls to actual risk. Running enterprise-wide transaction monitoring thresholds across a branch near a major drug trafficking corridor is a documented failure mode. High-cash, border-region branches need materially different monitoring parameters, higher SAR filing targets, and more rigorous CDD requirements than branches operating in low-risk environments.

Obstruction is a standalone crime with personal consequences. This is the harder lesson to internalize. AML compliance officers who provide misleading information to regulators face criminal liability under 18 U.S.C. § 1517, independent of the institution's AML program quality. Compliance staff need to understand that their legal obligation runs to regulators, not to management, when the two conflict. No executive instruction shields a compliance officer from personal criminal liability for lying to the OCC.

Enhanced due diligence can't be optional for high-risk customer segments. FATF Recommendation 10 requires documented EDD steps for high-risk customers. Border-region cash-intensive businesses are a named risk category, and treating them as standard customers is a control gap that examiners will find.

SAR filing rates are a program health signal. If your institution operates in a high-risk geography and your SAR rate is low, investigate immediately. Either monitoring is too narrow, or alerts are being suppressed somewhere in the review chain. Both require escalation to the Chief Compliance Officer and, depending on what's found, to the board.

Compliance governance must include direct board-level access. At Rabobank NA, the compliance function appears to have been subordinated to the goal of passing OCC examinations rather than actually satisfying BSA requirements. That failure requires a governance fix: the Chief Compliance Officer must have access to the board independent of management, and escalation to regulators must be available without management approval.

How FluxForce helps prevent similar failures

The Rabobank NA case came down to two failures: monitoring that didn't catch suspicious activity in a high-risk geography, and a compliance function that concealed findings rather than escalating them. FluxForce addresses both. Aiden Flux runs real-time transaction monitoring with geography-aware calibration, flagging border-region cash flows against appropriate risk thresholds rather than generic enterprise averages. Nova Sentinel maintains tamper-proof audit trails of every alert, review decision, and SAR outcome, so no finding can be quietly suppressed. Regulators get full decision evidence on request, with nothing missing. Request a demo to see how this maps to your institution's specific risk profile.