2021 saw the same kind of trends from the past of failed Anti-Money Laundering (AML) compliance that resulted in massive fines. In fact, multinational banks, challenger banks, and other regulated firms were the recipients of over $2.7 billion in fines in 2021, according to our “AML Fines 2021” report.
What happened? While some organisations committed some extreme acts, like facilitating bribes, others had simply fallen behind on their AML process, didn’t have the right checks and balances in place, or just weren’t paying enough attention to what was going on in their customers’ accounts.
Fortunately, you can learn from these institutions’ oversights, and ensure that you don’t have the same kind of shortcomings that got them in trouble. What follows are the top five lessons learnt from AML fines in 2021.
Lesson 1: Sanction violations continue to dominate AML fines.
Do not send transactions to sanctioned countries, entities, and individuals. Always screen against the latest sanction lists. Be sure to optimise your sanctions screening program to reduce false positives, but keep an eye out for missing or incomplete fields in payment messages and attempts to disguise the origin or beneficiary.
Financial institutions fined: Payoneer, Bank of China UK, and Mashreq Bank.
Lesson 2: Weaknesses in internal controls.
This reason is often cited by regulators, even though they do not state the specifics. AML internal controls include policies, procedures, and processes to mitigate the risks of money laundering and are there as a tool to support compliance with AML laws.
Banks fined due to weaknesses in AML controls: Deutsche Bank, TSB Bank, and PrivatBank.
Lesson 3: Paying or facilitating bribes.
The US Foreign Corrupt Practices Act (FCPA) and UK Bribery Act prohibits deceitful and dishonest financial business transactions. Train all staff on anti-bribery and corruption, and ensure your policy is understood by all employees.
Banks fined due to bribes: Bank of Julius Baer and Deutsche Bank.
Lesson 4: Shortcomings in AML frameworks are often part of a collective issue.
Deficiencies in due diligence, risk assessments, transaction monitoring, suspicious activity reporting, governance, and oversight are likely to cause more damage than good. Perform gap analysis and improve each area to ensure you meet regulatory expectations.
Banks fined due to shortcomings in their compliance framework: ING and ABN Amro.
Lesson 5: Failure to report suspicious activity reports (SARs).
Failing to report SARs in a timely fashion is further compounded when regulated firms turn a blind eye or ignore red flags. When regulators identify criminal behavior that was concealed or not reported on time, they will ask difficult questions and likely dish out big fines.
Banks who failed to send suspicious activity alerts to law enforcement: Capital One and N26.
Learning from Failures
The five lessons from 2021 should serve as a reminder to check your KYC and AML compliance program regularly. A best practice is to test, upgrade, and improve KYC and AML compliance in a programmatic approach, starting with strengthening the weakest areas first.
It all starts with KYC as the first line of defence. When things go wrong in AML, they often point to a set of interrelated connected deficiencies — however the underlying fundamentals are the same. Fuel your compliance program with up-to-date, structured data for the entire KYC and AML process, from the moment of onboarding to monitoring and screening transactions. Doing so means you’ll avoid the above pitfalls, and avoid the fines list in the future.