Regulation of AML is a high risk and continually changing area. Regulators across the world are also consistently taking decisive, public action against firms and individuals for AML failures, in an effort to combat financial crime.
Numerous high-profile enforcement actions show that financial crime compliance remains a core priority for regulators and law enforcement agencies around the world. When we look globally at enforcement fine amounts over the past five years, financial crime is the second highest category behind conduct of business obligations.
Within the financial crime category from 2013 to 2017, the top five areas relate to sanctions breaches (US$10.1 billion), followed by bribery (US$5.6 billion), tax evasion (US$5.1 billion), fraud (US$4.4 billion) and AML (US$3.5 billion). This attention is not going to change soon, with both institutions and individuals firmly in regulators’ focus.
The rise in AML enforcement
AML has particularly come to the fore in 2017 and 2018, with enforcement actions resulting in multi-million-dollar fines and some high-profile cases, including:
- ING reached a settlement agreement with the Dutch Public Prosecution Service to pay a fine of €675 million and €100 million for disgorgement for shortcomings in the execution of customer due diligence policies to prevent financial economic crime at ING Netherlands.1
- Commonwealth Bank of Australia (AU$700 million) was issued the largest fine in Australian corporate history from AUSTRAC for breaches in AML and CFT financing laws.2
- Rabobank (National Association) agreed to pay over US$360 million for processing illicit funds and concealing AML deficiencies.3
- US Bancorp was fined approximately US$600 million by three U.S. agencies for failing to have an adequate AML programme.4
- UK and US regulators took strong action against Deutsche Bank, fining the firm approximately US$600 million for AML controls failings.5
- FinCEN secured its largest ever fine against an individual, a US$250,000 civil penalty against a chief compliance officer for failing to implement an effective AML program.6
This tough action reflects, at least in part, cases that involved the actual laundering of potentially criminal money, not just a failure of a firm’s systems and controls. In such circumstances, it should be no surprise that the regulators have come down very hard.
But it’s not only the large, headline grabbing cases that demand firms’ attention. Smaller, though still significant, actions show that a wide range of financial services firms and individuals are being scrutinized. Offshore markets continue to strengthen their AML regulatory framework and enforcement regimes, with a number of recent enforcement actions imposed in jurisdictions such as Singapore,7Ireland,8 Channel Islands9 and Bermuda10 among others. Moreover, unregulated corporate entities are also open to AML risk and broader financial crime risk through the enforcement of sanctions, corruption or other criminal laws.
A changing landscape
The push against money laundering that has been running since the late 1980s has undoubtedly made it more difficult to launder money through the conventional financial services system. What was originally legislation targeting the global narcotics trade and the volume of cash it generated, has evolved into a comprehensive framework of rules across the globe that can be challenging to implement effectively; and now aimed at preventing and detecting all types of financial crime including: tax evasion, corrupt payments and bribery, human trafficking, narcotics trafficking, securities fraud and other criminal enterprise.
The rise of cryptocurrencies presents a new threat from an AML perspective. Virtual, web-based currencies can circumvent all the controls in the conventional financial system that have been so laboriously built-up over the past three decades. Regulators, which have not historically employed many cutting-edge technology experts or invested particularly heavily in their own technology, are moving at some pace around the globe to develop the right skillsets and are also endeavoring to create the right AML regulatory frameworks for this evolving industry. The 5th Money Laundering Directive in the EU is one such example of an AML regulation now being updated to include cryptocurrencies in its scope.
Individuals are also not immune. Regulators repeatedly communicate their commitment to pursue individuals for compliance failures and in this era of individual accountability, it seems likely that we will soon see more cases around the world.
Despite this changing landscape, through our review of enforcement actions and our work with firms around the globe, we see some consistent themes emerging in relation to failures in AML systems and controls (see Table 1).
The real goal though for firms is not to simply implement new rules and respond to regulatory concern; it is to prevent and detect criminal money being laundered and terrorism being financed. In all of this complexity and change, this sometimes can be forgotten.
5 https://www.fca.org.uk/news/press-releases/fca-fines-deutsche-bank-163-million-anti-money-laundering-controls-failure; rel="noopener noreferrer" https://www.dfs.ny.gov/about/press/pr1701301.htm
9 https://www.gfsc.gg/commission/enforcement/public-statements; https://www.jerseyfsc.org/media/1415/2017-07-13-final-nwog-public-statement.pdf