According to the United Nations, $2 trillion is laundered every year. Additionally, only 1% of illegal assets or proceeds of crime are confiscated by authorities, which means that a staggering 99% of money laundering goes undetected.
But money laundering can’t happen without the cooperation of financial institutions, who themselves have already been fined a staggering $2.3 billion in 2021, according to our AML Fines 2021 Report.
What actions lead to banks receiving hefty fines? Where does anti-money laundering fail? Banks should pay attention to those who have succumbed to massive fines to learn what red flags may be their downfall. Here are five of those lessons.
Lesson 1: Lack of compliance culture
A culture of compliance must begin from the top and filter down to the lower echelons of a financial institution. The tone from the top regarding compliance principles, standards, and ethics must be championed and communicated by the leadership team.
Turning a blind eye to and wilfully neglecting criminal behaviour in return for financial gain opens the door for not just severe personal liability, but firms and individuals may be fined, debarred from the financial industry, or have their banking license revoked.
Banks fined in 2021 due to a lack of compliance culture include:
- Deutsche Bank, who was fined $130 million for their involvement in a commodities fraud scheme
- Julius Baer, who turned a blind eye to over $36 million in laundered bribes
- AmBank, who held three accounts for disgraced Malaysian former PM Najib Razak
- Swedbank AB, who was fined $5.5 million for shortcomings in classifying inside information
- ABN Amro, who is under investigation for inadequate Know Your Customer (KYC) checks and risk classification
Lesson 2: Shortcomings in AML
Shortcomings in a bank's AML framework may include failing to establish governance, creating policies understood by employees, adopting a risk-based approach, or obtaining complete and clear information on customers, beneficiaries, and transactions. Shortcomings in AML are often inter-linked and lead to systemic deficiencies in a bank's AML program. Failures in risk identification and mitigation by not having effective AML and KYC systems, controls, and processes in place to monitor customer accounts and transactions is often a reason why banks are fined by regulators. Examples include ING, Deutsche Bank and Discovery Life, and Standard Chartered Trust (Guernsey).
Lesson 3: Failing to report SARs
A suspicious activity report (SAR) is a disclosure to law enforcement agencies about known or suspected money laundering, terrorist financing, or other predicate offences such as fraud and cyber-crime. SARs can cover almost any activity that is out of the ordinary and serve as an important tool for regulatory and law enforcement bodies. Failing to report suspicious activity is a violation of AML laws and may result in serious consequences for individuals and financial institutions. Yet despite the risks, banks continue to fail to file SARs and often are fined as a result. This includes Capital One which was fined $390 million by FinCEN.
Lesson 4: Inadequate risk assessment
Obliged and reporting entities must identify and assess their level of money laundering and terrorist financing risk by conducting a customer risk assessment. A robust risk assessment is essential in understanding risk exposure, so a bank’s AML compliance program and supporting policies, procedures, controls, and systems can detect, mitigate, and prevent money laundering and terrorist financing. Additionally, the risk posed by customers, products, jurisdictions, and channels should not be considered in isolation but holistically.
Failures in vetting clients, assigning risk scores, and carrying out an adequate risk assessment demonstrates a lack of compliance, deficiencies in processes, and risk-mitigation measures. AML and KYC checks are essential and failures in customer risk assessments may lead to regulatory action, like the kind taken against Rietumu Banka, who was fined in 2021 for inadequate risk assessments for money laundering and terrorist financing.
Lesson 5: Weakness in AML controls
Weaknesses in AML controls are often cited by regulators when banks are fined, although information on the specifics is not disclosed. One of the most common findings is that regulated entities did not obtain sufficient information to verify the identity of the client, including its ultimate beneficial owners (UBOs) or persons with significant control or voting rights. Other weaknesses include failing to carry out procedures to identify if the client is a Politically Exposed Person (PEP), verifying source of funds and source of wealth, not remediating adverse media alerts, or performing enhanced due diligence. This type of weakness is often a sign of deficiencies in one or more areas of the compliance program, which opens the door for criminals to launder money.
Banks fined in 2021 due to weaknesses in AML compliance include:
- Deutsche Bank AG
- Citibank Taiwan
- DBS Bank Taiwan
- Em@ney Plc
- 11 unnamed banks in the United Arab Emirates
Tech-enabled AML Compliance
The success of an AML program depends on the financial institution’s tone from the top and sharing the values and mission that seek to stop the illegal flow of dirty money. In addition to instilling a culture of compliance, shortcomings and weaknesses in AML must be addressed and efforts made by banks to improve compliance. This can be done through the use of technology combined with human expertise.
AML practices should focus on efforts to disrupt criminal activity and safeguard the economy and society from financial crime. But too often, AML is performed because the regulator said so and is perceived as a “tick-box” exercise to simply get out of the way.
But if there is a lesson to learn from AML fines, it’s this: banks have a moral and ethical obligation to stop crime and must use tools at their disposal to implement an effective AML program tailored to their specific business model.