Our AML Fines Report Q3 2021 summarises regulatory fines from around the world. We found more than twelve regulated entities, including senior managers were fined a total of $198,301,508 from 1st July – 30th September 2021. Below we explore each of the fines and provide actionable takeaways for AML and compliance professionals.
Summary: One of the world’s largest crypto trading platforms, BitMex, agreed to pay a $100 million fine to settle charges with the Financial Crimes Enforcement Network (FinCEN) and Commodities Futures Trading Commission (CFTF) for violating AML regulations and trading cryptocurrencies without regulatory approval.
BitMex failed to maintain AML controls and procedures and was found to have facilitated over $209 million in illegal transactions with darknet markets and unregistered money service businesses.
FinCEN claims BitMex’s senior leadership team deliberately altered customer information to hide the customer’s true location and were unwilling to collect more than an email address. Investigations into the co-founders of BitMex are ongoing.
Key takeaway: Obscuring illegal transactions to hide the beneficiary and failing to collect sufficient information on the customer is a criminal offence. Wilfully failing to comply with AML regulations may lead to serious ramifications for senior directors.
Future Bank, Central Bank of Iran, and other Iranian Banks
Summary: Bahrain’s high criminal court fined and convicted the Central Bank of Iran, Future Bank, and other Iranian banks a total of $50 million, confiscating $1.3 billion in a ground-breaking money laundering case.
Five Future Bank officials were sentenced to five-years in prison. The public prosecution service uncovered a large-scale money laundering operation involving alternate and unapproved payment transfer systems and stripping of SWIFT messages to conceal the beneficiary and source of funds – methods used to circumvent international sanctions imposed on Iranian individuals and entities. Further investigations are ongoing.
Key takeaway: Payment stripping to circumvent sanctions is a contravention of money laundering and terrorist financing laws that inevitably leads to prosecution. Sender, beneficiary and BIC codes should be screened for incoming and outgoing transactions.
Summary: The cryptocurrency arm of Robinhood Markets Inc reached a $30 million settlement agreement with the New York Department of Financial Services (NYDFS) after a probe into its cybersecurity and anti-money laundering (AML) practices.
NYDFS mandates that businesses maintain cyber defence systems and have contingency plans in the event of a hack. Financial firms must have AML programs, collect and verify customer data, respond to law enforcement requests, and comply with sanction regimes by screening and monitoring transactions.
The settlement is part of a proposed deal to end the investigation by NYDFS into alleged lax security and AML procedures at Robinhood Crypto.
Key takeaway: U.S. regulators are increasing scrutiny of crypto transactions and foreign exchanges used by criminal gangs to launder proceeds, evade taxes, or demand ransomware payments.
Summary: Malta’s Pilatus Bank was hit with a $5.8 million fine by the Financial Intelligence Analysis Unit (FIAU) for serious and systemic breaches of AML laws.
The FIAU said the bank's lax approach to customer due diligence was of particular concern. Pilatus bank failed to keep customer information, data, and documentation up to date in 97% of customer files reviewed by regulatory authorities. Egregious money laundering risks were not mitigated by the bank.
Dr. Claude-Anne Sant Fournier, the bank’s Head of Legal, and former Money Laundering Reporting Officer, has been charged with money laundering. The magistrates have also started criminal proceedings against eight individuals linked to Pilatus Bank. The move comes years after the murder of Daphne Galizia, a Maltese journalist, who accused the bank of being involved in money laundering and corruption.
Key takeaway: Assisting and abetting money laundering is a serious offence that carries a lengthy prison sentence.
Summary: Germany’s Federal Financial Supervisory authority BaFin, fined digital bank N26 relating to the late filing of 50 suspicious activity reports in 2019 and 2020. BaFin had already warned N26 and appointed a special commissioner to monitor N26’s compliance with an order to implement internal controls and comply with KYC and AML customer due diligence requirements.
The regulator said N26 needed to remediate backlogs in its AML monitoring system and re-verify several customers in its platform.
Key takeaway: Suspicious activity reports must always be filed to law and regulatory enforcement agencies on time. Alerts generated in AML transaction monitoring systems must always be remediated.
Summary: TSB Bank was ordered by the high court to pay $3.5 million for breaching AML regulations. The bank admitted it did not have adequate and effective controls for monitoring and mitigating compliance risks.
TSB failed to review and maintain its AML compliance programme and conduct risks assessments with respect to high-risk jurisdictions and high-risk sectors such as real estate. The fine comes five years after the bank was warned by the regulator for compliance failures.
Key takeaway: Banks should ensure AML/CFT policies, procedures and controls are regularly updated. High-risk activities including risky jurisdictions, sectors, high-risk customers, and products should be managed effectively as a priority.
Bank of China UK
Summary: Bank of China UK (BOC UK) settled a $2.3 million dollar fine with OFAC due to violations of the Sudan sanctions program. Between September 2014 and February 2016, BOC UK exported financial services from the U.S. by processing over 111 commercial transactions for over $40 million in total through the U.S. financial system on behalf of third parties in Sudan.
BOC UK’s internal customer database and outgoing SWIFT messages did not include any references to Sudan. Furthermore, BOC UK’s compliance team did not appropriately evaluate and escalate potential transactions with ties to Sudan. The transactions sent via U.S. correspondents were in breach of the Sudanese Sanctions Regulations. Certain sanctions with respect to Sudan were revoked in December 2020.
Key takeaway: The U.S. aggressively enforces its economic sanctions policy not only against U.S. entities but also foreign overseas businesses with connections to the U.S.
Summary: Payoneer, a leading financial services company providing online money transfer and digital payment services, agreed to settle a $1.4 million settlement with the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) for 2,260 sanction breaches. Payoneer was found to have processed payments for third parties in sanctioned countries including Iran, Sudan, Syria, and the Crimea region of Ukraine along with payments of sanctioned individuals on OFAC’s SDN List.
The regulator found deficiencies in Payoneer’s sanctions program with respect to screening, testing, review of transactions, and compliance audits. This resulted in $802k worth of transactions processed on behalf of sanctioned individuals and countries.
Key takeaway: Numerous regulated and obliged entities have been fined due to outdated sanctions watchlist screening filters that miss important matches on a sanctions list. Regulated firms should regularly test the effectiveness of their screening filter and optimise watchlist screening to prevent the risk of breaching sanctions law.
Summary: German state-owned bank KfW-Ipex was fined $178,000 for facilitating loans to an Angolan brewery linked to Africa’s richest woman Isabel dos Santos, who was exposed in the Luanda Leaks by the International Consortium of Investigative Journalists (ICIJ).
ICIJ’s partners found that KfW-Ipex loaned $55 million to Angolan state-owned bank Banco de Poupanca e Credito which then loaned the funds to dos Santos’ brewery Sodiba. Dos Santos used the loan to purchase the brewery from German manufacturer Krones AG.
Key takeaway: Payments and loans to Politically Exposed Persons (PEPs) in high-risk jurisdictions should be subject to enhanced due diligence and heavily scrutinised for corruption and money laundering risks.
Taipei Fubon Commercial Bank
Summary: Taipei Fubon Commercial Bank was fined by The Financial Supervisory Commission (FSC) for breaching money laundering norms. The bank activated an account when orally instructed by bank president Roman Cheng.
The FSC found the bank did not implement robust controls against money laundering nor perform Know Your Customer (KYC) checks, failing to collect client documentation and verify the ultimate beneficial owner. Cheng allegedly approved a loan to a Chinese company for personal gain – a clear conflict of interest and ethics breach.
Key takeaway: Banks should be careful when opening accounts without KYC documents and ID verification. Conflict of interests may lead to disciplinary action and termination of employment.
Yardley Securities Limited CEO
Summary: In March 2021, The Securities and Futures Commission (SFC) of Hong Kong fined Yardley Securities Limited (YSL) $901,453 for failing to comply with counter-terrorism financing (AML/CFT) rules.
SFC announced in July 2021 it had reprimanded YSL’s Chief Executive Officer, Money Laundering Reporting Officer, and Compliance director for AML/CFT breaches. CEO Raymond Leung Tak Shing was responsible for handling and approving third-party fund transfers and was fined $52,000. Hong Kong’s financial watchdog said as a senior manager of the firm, Leung failed to ensure YSL had adequate systems in place to mitigate financial crime risks and adopted a lax attitude towards compliance.
Key takeaway: Personal liability and accountability of senior managers is on the rise. Wilful negligence may result in personal fines and being debarred from the financial industry.