A Fine Mess We’re In - Fenergo · It’s clear from the research that global regulators are increasingly putting financial institutions’ AML and KYC procedures, policies and technologies

www.fenergo.com [email protected]

A Fenergo PAPer

Executive SummaryA decade after the collapse of Lehman Brothers, regulators across the United States, Europe, Asia-Pacific and the Middle East have levied nearly US$26 billion in monetary penalties for anti-money laundering and sanctions violations.

In this paper, we will examine the evolution of financial crime enforcement worldwide, drawing on analyses of ten years of AML and KYC fines data. We also take a deep-dive into the data on a regional basis and examine key trends developing across the US, Europe, APAC and the Middle East.

A Ten-Year Analysis (2008 – 2018)

A Fine Mess We’re In AML/KYC/Sanctions Fines

www.fenergo.com

© Fenergo 2018

A Fine Mess We’re In: AML/KYC/Sanctions Fines A Ten-Year Analysis (2008 – 2018)

2

Glossary

Helpful Notes: To assist your reading of this report, we have compiled a full glossary of terms and acronyms below that you may find throughout the report. Please also note that all monetary amounts mentioned in the report are represented in US dollars (US$) using the monetary conversion dates at the time the fines were imposed.

AI – Artificial Intelligence

AML – Anti-Money Laundering

AMLC – Anti Money Laundering Council (Philippines)

APAC – Asia-Pacific

BSA – Bank Secrecy Act

CTF – Counter Terrorism Financing

KYC – Know Your Customer

G20 – Group of 20

FATF – Financial Action Task Force

FI – Financial Institution

ME – Middle East

PEP – Politically Exposed Person

RPA – Robotics Process Automation

1MDB – 1Malaysia Development Berhad

© Fenergo 2018 3


Regulator Glossary

ACPR – Autorité de Contrôle Prudentiel et de Résolution (France)

AUSTRAC – Australian Transaction Reports & Analysis Centre (Australia)

BaFin – Federal Financial Supervisory Authority (Germany)

BNM – Securities Commission and Bank Negara Malaysia

CSSF – Commission de Surveillance du Secteur Financier (Luxembourg)

DFSA – Dubai Financial Services Authority (United Arab Emirates)

DOJ – Department of Justice (US)

FCA – Financial Conduct Authority (UK)

FSA – Financial Services Authority (UK)

FDIC – Federal Deposit Insurance Corporation (US)

FinCEN – Financial Crimes Enforcement Network (US)

FINMA – Swiss Financial Market Supervisory Authority (Switzerland)

FINRA – Financial Industrial Regulatory Authority (US)

FINTRAC – Financial Transactions & Reports Analysis Centre of Canada

FNC – United Arab Emirates Federal National Council

FSA – Financial Services Authority (UK – in operation 1985-2013)

HKMA – Hong Kong Monetary Authority

MAS – Monetary Authority of Singapore

PBOC – People’s Bank of China

NYDA – New York County District Attorney (US)

NYDFS – New York State Department of Financial Services (US)

OCC – Office of Comptroller of the Currency (US)

OFAC – Office of Foreign Assets Control (US)

RBNZ – Reserve Bank of New Zealand

SEC – Securities & Exchange Commission (US)

SFC – Securities and Futures Commission (Hong Kong)

© Fenergo 2018


4

Glossary 2

Regulator Glossary 3

Snapshot of Fine Facts 5

Introduction: Global Compliance Fines 6Regional Snapshot 6

So, who Fines More? 7

Global Fines by Year 8

Fines by Type 9

Regional Analysis of AML, KYC & Sanctions Fines 11

US Regulators in Focus 14

US Regulators and their Focus on Foreign Financial Institutions 15

Calculating the Cost of Compliance 25

Conclusion 26

Source 26


5© Fenergo 2018


Global financial institutions have experienced stiff regulatory scrutiny with regard to their anti-money laundering and counter-terrorism funding controls over the past 10 years. This is clearly reflected in the significant monetary penalties, totaling $26 billion, that have been imposed worldwide for violations against AML, KYC and sanctions rules.

GLOBAL ENFORCEMENT TRENDS

For more information on Global AML Fines please visit www.fenergo.com or email [email protected]

2015 was a record year for fines with a total of $11.6 billion issued.

The highest penalty of $8.9 billion was issued by the US Dept of Justice (DOJ) in 2015.

The US accounts for 91% of all AML, KYC and sanctions fines by monetary amount globally.

Sanctions violations account for 20% of enforcement penalties issued globally.

Highest issuer of AML and sanctions fines globally with an average fine of $195 million based on top 11 regulators.

Since 2008, European-head-quartered banks have been fined a total of $18 billionby US regulators.

Institutions headquartered inthe APAC region have been fined a total of $1.3 billionby US regulators.

Europe accounts for 7% of global AML fines levied in the last 10 years, totaling over $1.7 billion across 83 separate fines, 17 regulators across 15 countries.

2018 has been a record year for AML and sanctions fines in the region, with a total of $903 million levied.

The Netherlands was responsible for the highest fine issued in the region over the past decade ($900 million) in 2018.

The APAC region, home to over 40+ regulators, has levied a total of $609 million in fines over the past 10 years.

2018 has been a record year for fines so far with over $540 million issued.

Highest fine of $534 million issued by Australia’s AUSTRAC in June 2018.

US Europe APAC$23.52 billion $1.7 billion $609 million

Snapshot of Fine Facts


© Fenergo 2018 6

billion dollars in AML/KYC and sanctions-related fines.

It’s clear from the research that global regulators are increasingly putting financial institutions’ AML and KYC procedures, policies and technologies under the microscope. Inadequate customer due diligence procedures and the lack of cohesive, global AML compliance programs were commonly cited as major failings of the penalized institutions. In terms of sanctions violations, screening processes that willfully ignored the status of sanctioned entities are a recurring theme in our research.

Regional SnapshotOn a regional level, the United States (US) has levied 91% of all global AML, KYC and sanctions-related fines by monetary amount over the past decade, totaling $23.52 billion. The US Department of Justice (DoJ) was responsible for the highest enforcement action issued worldwide over the past decade, an $8.9 billion penalty against a Tier 1 French bank in 2015.

Introduction: Global Compliance Fines

Since the financial crisis started in 2008, financial institutions around the world have had to deal with a series of regulations being introduced to increase transparency in a bid to create a safer, robust and more transparent financial system. Between 2009 and 2012 alone, more than 50,000 regulations were published across the G20 (Group of 20), with almost 50,000 regulatory updates being made in 2015 alone (1).

Fenergo has compiled a rich database of monetary penalties and enforcements imposed by global regulators around the world for financial institutions’ violations against Anti-Money Laundering (AML), Know-Your-Customer (KYC) and sanctions regulations. This analysis measures the financial impact that these fines have had on financial institutions across the world over the last ten years. The findings, while not surprising, pack a punch when considered in their totality.

The main finding is that over the past ten years, regulators across the North American, European, APAC (Asia Pacific) and Middle Eastern (ME) regions have issued nearly $26

Global AML Fines by Region 2008-2018

0

$5 Bn

$10 Bn

$15 Bn

$20 Bn

$25 Bn

North America Europe APAC MENA


7© Fenergo 2018

the United Kingdom (UK). However, we are starting to see more regulatory bite coming from financial centers such as Hong Kong and Singapore as they prepare for FATF (Financial Action Task Force) Mutual Evaluations to bring their standards for AML, KYC and sanctions compliance more in line with international standards.

Europe follows closely behind, with $1.7 billion issued in fines over the ten-year period. 2018 has been a record year for AML fines in the region with a total of $903 million levied, including the highest European AML fine of the past decade, totaling $900 million which was levied by Dutch authorities.

In APAC, AML-related fines totaling $609 million have been issued in the last 10 years. 2018 has heralded a new 10-year record for enforcement in the region, with nearly $541 million issued in fines within the first eight months of the year, including the largest fine in Australian corporate history. The fallout from the 1MDB (1Malaysia Development Berhad) scandal and increased international focus has also contributed to heightened enforcement activity since 2016. There is a notably intensified appetite from Singaporean and Hong Kong financial regulators to safeguard their respective financial systems by bolstering AML and KYC efforts.

In the Middle East, regulators are starting to find their regulatory bite in an attempt to fix a global perception of a ‘light touch’ regulatory regime within the region. The Dubai Financial Services Authority (DFSA) has been the most active regulator in the area, levying five fines totaling $9.5 million for AML contraventions.

So, who Fines More?According to Laura Glynn, Fenergo’s Director of Global Regulatory Compliance, the more mature and established financial centers of the world tend to be the ones that impose the most penalties – namely the US and

Region US$ Amount Levied

North America $23,560,300,113

Europe $1,703,958,787

APAC $608,512,772

MENA $9,446,600

Total $25,882,218,272

Global AML Fines by Region 2008 - 2018 Breakdown

“The typical global financial centers that have the most advanced policies, systems and automation of controls are being held to a higher standard and are the ones who are operating optimally in this space. There tends to be more prescriptive guidance from the regulator and there’s a more detailed step-by-step process of what is expected of the financial institutions operating in this area.” Laura Glynn, Director of Global Regulatory Compliance, Fenergo


8© Fenergo 2018

illicit activities and place real pressure on compliance executives to prevent further failings. 2015 was a record year for fines with a total of $11.6 billion issued; the highest penalty for a single bank was also recorded in this year with an $8.9 billion fine issued by the US Department of Justice (DoJ) on a Tier 1 French bank.

Global Fines by Year

As can be seen in the chart below, AML / CTF (counter-terrorism financing) and KYC-related fines have grown year-on-year from 2008 to 2016. Two exceptions to this are the years 2011 and 2014, the latter being surprising as this was the year for record breaking fines being levied against some banking industry heavyweights.

According to Laura Glynn, Fenergo’s Director of Global Regulatory Compliance, up until this year, the industry was starting to see a decrease in the number of fines being levied internationally. This changed half-way through the year for Europe and APAC, when record high fines were levied against a financial institution in each respective region. However, the overall trend would suggest that global fines are indeed on the decrease.

Although the number of fines has declined across several regions globally, the size of each fine has increased significantly, highlighting regulators’ continued determination to prevent

Global Financial Center Total Fines Levied US$

USA $23,529,862,783

Australia $534,367,200

UK $410,201,519

France $113,620,000

Switzerland $50,965,000

Germany $44,000,000

Singapore $16,808,000

Luxembourg $13,963,350

United Arab Emirates $9,446,600

Hong Kong $5,358,044

Canada $837,330

Grand Total $24,729,435,826

Top Global Financial Centers – Total AML Fines Levied (US$) 2008-2018

“After a very busy decade, I think we’re starting to see the number of fines issued plateauing. However, the monetary amount of each fine is increasing for the more significant breaches and infringements.”Laura Glynn, Director of Global Regulatory Compliance, Fenergo

9© Fenergo 2018


Fines by Type

Not surprisingly, the most common types of fines implemented against financial institutions by international regulators are for anti-money laundering (AML) violations and specifically for Bank Secrecy Act (BSA) regulatory failings within the US. This is followed by fines for sanctions, Know Your Customer (KYC) and transaction reporting failures.

Glynn claims there have been several influences on these fines, including misconduct and misselling arising from the global financial crisis, geo-political factors, terrorist financing, tax crimes and tax avoidance, with scandals such as the Panama Papers, Paradise Papers and Bahamas Leaks contributing significantly to shedding a spotlight on the issue of beneficial ownership.

We will now further examine AML and sanctions enforcement trends on a regional basis across North America, Europe, Asia Pacific and the Middle East based on data gathered over the last ten years.

“Collectively, these events have helped to shape the regulatory enforcement priorities over the last number of years.” Laura Glynn, Director of Global Regulatory Compliance, Fenergo

Global AML Fines by Year 2008-2018

0

$2 Bn

$4 Bn

$6 Bn

$8 Bn

$10 Bn

$12 Bn

$14 Bn

2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018

10© Fenergo 2018


Global AML Fines 2008-2018 by Fine Type

0 20 40 60 80

100 120 140 160 180

AML Violations BSA violations KYC violations Sanctions violations

Transaction Reporting Failures


11© Fenergo 2018

2015 was the most punitive year for fines in terms of monetary value, with over $11.2bn in penalties issued by US regulatory authorities. This was also the most active year in terms of the number of fines levied across this region, with 20 separate fines imposed for AML and sanctions-related violations.

In this report and the accompanying infographic, we have chosen to focus on the top 11 US regulators by total monetary amount issued in the past decade.

Regional Analysis of AML, KYC & Sanctions Fines

North America - USD$23.56 billion

The North American region includes 14 featured regulators which are focused on Bank Secrecy Act (BSA), AML and sanctions enforcement across four countries (US, Canada, Bermuda and Mexico).

The US accounts for 91% of all AML, KYC and sanctions fines issued by monetary amount globally.

North America AML Fines by Year (US$) 2008-2018

US - USD$23.52 billion

The US, with its proactive group of regulators, accounts for the highest concentration of AML-specific regulatory enforcements in this region, representing a total of $23.52 billion fines across 122 penalties.

The highest fine amounts were levied between the years 2012 to 2015 when $12.2 billion was imposed on only six financial institutions by a single regulator, the Department of Justice

(DoJ), representing over 50% of the total fine amount imposed by the US for the entire ten-year period. Incidentally, the DoJ is the most active regulator for AML and sanctions breaches.

A total of 66 fines were levied by US regulators on financial institutions for AML/BSA breaches combined, with a further 54 for sanctions violations and three related to transaction reporting failures.

0

$2 Bn

$4 Bn

$6 Bn

$8 Bn

$10 Bn

$12 Bn

2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018

North America


12© Fenergo 2018

Canada - USD$887,330

In 2016, FINTRAC (The Financial Transactions and Reports Analysis Center of Canada) levied its first ever fine of $837,330 ($1.1m CAD) for transaction reporting failures. This was also the first bank in Canada to be penalized under the country’s expanded money laundering rules.

Mexico - USD$28 million

Given its links to a burgeoning drug trade, Mexico has long been in the spotlight for international regulators, with a number of major

financial institutions being fined record amounts for letting their financial systems be accessed by criminals seeking to launder cartel cash. However, despite this, Mexico’s National Securities and Banking Commission issued only one fine of $28 million to an international Tier 1 bank in 2012 for AML violations.

Bermuda - USD$1.6 million

The Bermuda Monetary Authority (BMA) has imposed two fines for AML fines since 2012, totalling $1.6 million.

Year Regulator Amount Fine Type

2015 Department of Justice $8,900,000,000 Sanctions Violations

2014 Department of Justice $1,700,000,000 AML Violations

2012 Department of Justice $1,256,000,000 Sanctions Violations

2012 OFAC $619,000,000 Sanctions Violations

2015 NYDFS $610,000,000 Sanctions Violations

2012 OCC $500,000,000 Sanctions Violations

2010 DOJ $500,000,000 BSA Violations

2018 DOJ $453,000,000 BSA Violations

2010 FINRA $450,000,000 AML Violations

2017 NYDFS $425,000,000 AML violations

US Regulators Highest AML Fines Levied 2008-2018

US AML Fine Types Levied 2008-2018

0

10

20

30

40

50

60

USA

AML Violations

BSA violations

Sanctions violations

Transaction Reporting Failures


13© Fenergo 2018

To Name & Shame, or Not?FINTRAC has a track history of keeping fine enforcements confidential. Over the last decade or so, FINTRAC has named 40 companies for violating AML rules but kept another 55 company names under wraps. This has resulted in public backlash against the regulator for naming some companies but witholding others.

According to a recent report conducted by the Wall Street Journal, two thirds of Canadian FIs had ‘significant levels’ of non-compliance with anti-money laundering rules and have been publicly named and shamed by international regulators for flouting AML/KYC rules over the last few years, although none were fined. In 2011, the Royal Canadian Mounted Police estimated that between $3.8 billion to $11.5 billion is laundered in the country annually (2).

14© Fenergo 2018


US Regulators in Focus Department of Justice (DOJ) - $14 billionThe DOJ is the highest issuer of AML, KYC and sanctions fines globally. This amounts to $14 billion spanning 12 Bank Secrecy Act, AML and sanctions violations. The highest fine issued was $8.9bn in 2015 against a Tier 1 French bank, which also marked the first time a global bank had pleaded guilty to violations of US economic sanctions.

The New York State Department of Financial Services (NYDFS) - $3.6 billionThe NYDFS has imposed $3.6bn in 14 fines over the past six years. Over the last three years in particular, the regulator has imposed a total of $1.4bn for AML non-compliance. Sanctions violations account for 60% ($2.2bn) of the total fines issued (by monetary amount). In 2014, the NYDFS imposed their highest fine of $610m on a German Tier 1 bank for sanctions violations.

The Office of Foreign Assets Control (OFAC) - $1.7 billionOFAC is responsible for creating and enforcing US sanctions. It has levied 52% of all global sanctions-related fines by count over the past 10 years. The highest fine imposed was $619m in 2012 against a Dutch bank for illegal transactions with Cuban and Iranian entities.

The Office of the Comptroller of the Currency (OCC) - $1.2 billionThe OCC has imposed $1.2 bn for BSA/AML violations, comprised of 15 civil money penalties, over the past decade. The highest fine of $500m was issued in 2012 against a Tier 1 British bank for sanctions violations as part of a record $1.92 billion multi-regulator settlement.

New York County District Attorney (NYDA) - $1.1 billionThe New York County District Attorney has imposed five sanctions-related fines totaling $1.1 billion over the past 10 years. The highest fine was for $342 million against a German bank in 2015 for a multi-regulator settlement, totaling $1.45 billion.

The Federal Reserve - $658 millionThe Federal Reserve has imposed 8 fines totaling $658m for a range of AML, BSA and sanctions-related violations. Sanctions violations have accounted for some of the regulator’s heaviest monetary penalties, with five fines totaling $572m (87% of the ten-year amount). The highest fine issued was $200m in 2015 as part of a $1.45bn joint-regulator settlement against a German-headquartered bank for sanctions and banking violations.

The Financial Crimes Enforcement Network (FinCEN) - $537 millionFinCEN, the federal regulator directly responsible for enforcing BSA and AML compliance, has issued 14 monetary penalties totaling $537m over the past decade. The regulator’s highest BSA-related fine of $185m was levied against a domestic bank in 2018.

Financial Industry Regulatory Authority (FINRA) - $513 millionFINRA has levied $513m across ten fines over the past decade. The highest fine issued was $450m in 2010 against a US-based securities clearing firm for inadequately reviewing trades for suspicious activity.

US Attorney’s Office (District of Columbia) - $156 millionThe US Attorney’s Office (District of Columbia) levied one significant fine of $156 million against a Tier 1 French bank for severe sanctions violations. The settlement also included an additional penalty of $156 million from the New York County District Attorney.

Federal Deposit Insurance Corporation (FDIC) - $144 millionThe Federal Deposit Insurance Corporation has issued two civil money penalties totaling $144 million. The more significant fine of $140 million was levied against a Mexican subsidiary of a major US banking group in 2015.

Securities and Exchange Commission (SEC) - $29 millionThe SEC has levied $29 million in fines, comprised of only six civil money penalties. In 2016, the regulator filed its first fine against a financial institution solely for failing to file suspicious activity reports without proof of any actual underlying abuse. The highest fine levied was $13 million against a US bank for AML violations in 2017.

© Fenergo 2018


15

US Regulators and their Focus on Foreign Financial Institutions US regulators have hit foreign financial institutions particularly hard over the last 10 years.

Since 2008, European financial institutions have been fined four times more than their US counterparts by US regulators, bringing in a total of $18bn into regulatory coffers and representing 77% of the total of all fines levied by US regulators during the 10-year period.

This includes:

• Six fines totalling $10 billion levied against French FIs by US regulators

• 18 fines issued against UK FIs, totalling $4.4 million.

US Fines Levied on European Banks (US$)

Indications in the media suggest that given their growing dominance on the top 1,000 financial institutions in the world, Asian FIs are now coming more sharply into the regulatory eyeline, with predictions that they will start to receive hefty fines. This has already commenced with a recent fine of a top three Chinese bank in May 2018.

US Fines Levied on APAC Banks (US$)

0

$2 Bn

$4 Bn

$6 Bn

$8 Bn

$10 Bn

$12 Bn

USA

France

Germany

Italy

Luxembourg

Netherlands

Spain

Switzerland

UK

$100 M

$200 M

$300 M

$400 M

$500 M

$600 M

$700 M

USA

Australia

China

India

Japan

Pakistan

South Korea

Taiwan

16© Fenergo 2018


Laura Glynn states that there are many factors contributing to this. “If you look at how the [foreign] FIs are staffed, you have to ask - are they being staffed with expats who aren’t as familiar with the US rules and regulations? Are they brand new entities who have just been set up and haven't necessarily laid the framework and developed the relationships with the regulators? It’s not to say, however, that these branches are being treated any differently to US financial institutions, who are subject to the exact same regulatory priorities and examinations on enforcement actions.”

Europe – USD$1.7 billionEurope has issued 83 fines, levying a total of $1.7 billion, with more than 30% of these fines being attributable to the UK’s Financial Conduct Authority (FCA). Considering that over $90 billion is laundered annually through financial institutions under their remit, the FCA is pioneering an aggressive agenda of cultural change, evidenced by the implementation of a revised regime for individual accountability in the financial sector, namely the Senior Managers and Certification Regime (SM&CR).

2018 has been a record year for AML and sanctions fines in Europe with a total of $903 million levied – 3 times more than fines levied in 2017.

As of September 2018, the Netherlands is the highest issuer of AML and sanctions-related fines by USD$ amount within Europe. This is the result of Dutch financial crime prosecutors handing down the highest fine ever recorded in Europe over the past ten years, totaling $900 million, in a joint investigation with US authorities.

European Fines Levied 2008-2018 (US$)

While regulators from Italy (Bank of Italy), France (Autorité de Contrôle Prudentiel et de Résolution) and Switzerland (Swiss Financial Market Supervisory Authority) have issued

fewer fines, they have imposed individual fines in more punitive amounts (with fines totalling $285 million), designed to achieve optimal deterrence.

$ M

$100 M

$200 M

$300 M

$400 M

$500 M

$600 M

$700 M

$800 M

$900 M

$1 Bn

Europe

2008

2010

2012

2013

2014

2015

2016

2017

2018


17© Fenergo 2018

Year Country/Regulator Amount Area

2018 Dutch authorities $900,000,000 AML Violations

2017 UK (FCA) $204,000,000 AML Violations

2016 Italy (Bank of Italy) $119,000,000 AML Violations

2015 UK (FCA) $109,500,000 KYC Violations

2017 France $91,000,000 AML Violations

2015 Germany (BaFin) $44,000,000 AML Violations

2015 Switzerland (FINMA) $43,000,000 AML Violations

2014 UK (FCA) $19,800,000 Transaction Reporting Failures

2012 UK (FSA) $13,900,000 AML Violations

2014 UK (FCA) $12,700,000 AML Violations

Europe Top 10 Fines Levied 2008-2018

Netherlands - USD $901 million

The Netherlands is the highest issuer of AML and sanctions-related fines by USD amount within Europe. In a joint investigation with US authorities, Dutch financial crime prosecutors handed down the highest fine in Europe over the past ten years in September 2018, totalling $900 million. The offending institution, a Tier 1 Dutch bank, was penalized for serious shortcomings in executing customer due diligence policies within its Dutch unit from 2010 to 2016.

Up until this year, the Dutch Central Bank was rarely able to disclose details of the type of fines issued or name the offending institutions in question. In July 2018, the Netherlands strengthened AML legislation by enabling regulators to impose a turnover-related administrative fine of 20% for significant AML breaches. It also broadened the publication powers of supervisory authorities.

UK - USD $411 million

The UK is the most active issuer of AML/KYC fines in Europe. The Financial Conduct Authority (FCA), formerly known as the Financial Services Authority (FSA), has levied over 30% of AML fines in Europe (by number of fines). Moreover, the regulator has issued half of the top 10 AML-related fines in Europe over the last decade and imposed the second highest fine of the past decade recorded in

Europe ($204m) in 2017 against a Tier 1 German bank.

Italy - USD $120 million

Italy has issued only two AML-related fines over the past 10 years. One fine amounted to $119 million against a Swiss Tier 1 bank for significant AML and fraud violations in 2016. The second regulatory enforcement action, against a Chinese bank, consisted of a $634,000 fine and suspended prison sentences for four employees who failed to report illicit money transfers. Italian banks have been handed down a total of $244 million in fines from international regulators.

France - USD $114 million

The Autorité de Contrôle Prudentiel et de Résolution (ACPR) and French investigative authorities have collectively issued four AML fines, totalling $114 million over the past 10 years. French financial institutions have also experienced stiff penalties from international (mainly US) regulators, receiving $10 billion in fines predominantly related to sanctions weaknesses.

Switzerland - USD $51 million

As the world’s largest offshore financial center, Switzerland has experienced significant international pressure with regard to its banking secrecy practices. The Swiss Financial Market Supervisory Authority (FINMA) has levied only four significant fines with regards to AML/KYC/


18© Fenergo 2018

sanctions violations over the past 10 years. In stark contrast, over $675 million comprised of 12 fines has been levied against Swiss financial institutions by international regulators for a range of violations, including sanctions, AML and tax evasion.

Germany - USD $44 million

The Federal Financial Supervisory Authority (BaFin) is noticeably reticent about publicly declaring its regulatory enforcement activities, with just one publicly announced fine of $44m. German financial institutions, however, have been subject to stiff monetary penalties from international regulators, totalling $2.1 billion in fines.

Nordics - USD $17.2 million

Denmark and Sweden have sanctioned and fined five leading financial institutions for AML violations and offences over five years amounting to $17.2m in punitive fines. In total, $1.5m was levied on Nordic financial institutions by international financial regulators. This makes it the only region in the world where Nordic banks have been fined by domestic regulators more than by international regulators. It is

expected that big changes may arise in this region with current investigations against Nordic banks taking place across Denmark, Estonia, US and the UK.

Luxembourg - USD $14 million

As an offshore financial center, the Commission de Surveillance du Secteur Financier (CSSF) has traditionally been quite secretive in revealing its enforcement activity. 2017 signalled a significant change in approach, however, with two severe penalties totalling $14m announced against two banking institutions, marking an all-time high for the regulator. Financial institutions in Luxembourg have received punitive penalties, in comparison, totalling $152 million.

Latvia - USD $11 million

In response to its reputation as a money laundering haven, Latvia has issued 13 fines over the past four years. However, despite the crackdown by regulators, Latvian financial institutions are continuing to face increasing scrutiny from international regulators, having received a total of $91 million in fines and several high-profile warnings, most recently from FinCEN.

UK AML Fines by Year (US$) 2008-2018

0

$50 M

$100 M

$150 M

$200 M

$250 M

UK

2008

2010

2012

2013

2014

2015

2016

2017

2018


19© Fenergo 2018

Latvia Fines Count by Year

APAC – USD $609 millionThe APAC region, home to over 40+ regulators, is one of the most complex jurisdictions in terms of regulatory compliance. Over the last ten years, the region, as a whole, has levied a total of $609 million in fines.

88% of this amount can be accounted for in a single fine ($534 million) issued in 2018 by

the Australian financial regulator, Australian Transaction Reports & Analysis Centre (AUSTRAC), against a Tier 1 Australian bank for repeated contraventions of AML legislation over a three-year period.

2018 was a record year for fines levied by APAC regulators, with over $540 million imposed across the region, largely attributable to AUSTRAC imposing the highest fine in

APAC Fines by Country (US$)

$0

$100

$200

$300

$400

$500

$600

Austra

lia

Philip

pines

Singa

pore

Malaysi

a Ind

ia

Hong K

ong

New Ze

aland

South

Korea

China

MIL

LIO

NS

0

2

4

6

8

10

12

14

Latvia

AML Violations

KYC violations

0

$100 M

$200 M

$300 M

$400 M

$500 M

$600 M

Austra

lia

Philip

pines

Singa

pore

Malaysi

a Ind

ia

Hong K

ong

New Ze

aland

South

Korea

China


20© Fenergo 2018

Australian corporate history. In terms of fine type, AML accounts for the clear majority of fines across APAC, with 52 fines cited for

AML violations, followed by 15 fines for KYC breaches and one penalty for transaction reporting failures.

Year Country (Regulator) Amount Fine Type

2018 Australia (AUSTRAC) $534,000,000 AML Violations

2016 Philippines (Central Bank) $21,300,000 AML Violations

2015 Malaysia (Bank Negara) $13,394,502 AML Violations

2016 Singapore (MAS) $3,952,000 AML Violations


2017 New Zealand (Dept of Internal Affairs) $3,861,700 AML Violations



2015 South Korea (FSC) $1,800,000 AML Violations

2018 Hong Kong (SFC) $1,200,000 AML Violations

APAC Top 10 Fines Levied 2008-2018

In order of fine amounts, here are the regulators in APAC that have levied the most AML / KYC and sanctions related fines:

Australia - USD $534 million

As of June 2018, Australia is the highest issuer of AML fines in the APAC region over the past decade. In that month, AUSTRAC levied the highest fine, $534 million, in Australian corporate history against one of the biggest Australian financial institutions for repeated contraventions of AML legislation over a three-year period.

Up until this point, Australian FIs had not experienced the big fines that their global peers had, nor had they invested as much as other FIs in other regions (namely US, UK and Europe). The Australian Bankers’ Association has claimed that Australian FIs are behind the curve in terms of compliance spend, estimating that significant financial institutions in the region (four major FIs and three regional lenders) have together spent AUS$1.73bn in recent years on implementing regulatory change including tax compliance and anti-money laundering. This can be contrasted against the estimated spend of between US$900 million and US$1.3bn that major international financial institutions are now spending individually (3).

However, this is now widely expected to change given the significance of the fine levied in this instance.

Philippines – USD $21.3 million

The Philippines has only meted out a single fine for AML non-compliance during its history but still managed to rank for the second highest fine imposed by any APAC regulator. In 2016, the Philippine’s central bank, Bangko Sentral ng Pilipinas, fined a Philippine bank $21.3 million for its involvement in the laundering of funds stolen from the Bangladesh Central Bank in a cyber heist. The bank in question was used by cybercriminals to channel $81m stolen from Bangladesh’s central bank earlier that year.

A year later, the Philippines’ Anti-Money Laundering Council (AMLC) adopted rules that impose tougher sanctions and higher fines on individuals and financial institutions who have been found to have engaged in money laundering activities. This was seen as a rare but welcomed move, which detailed the factors considered when assessing AML program failures, as well as a table of penalties and non-penalty measures that can be administered for these failures.


21© Fenergo 2018

Monetary Authority of Singapore AML Fines 2008-2018

Singapore – USD $17 million

Since 2016, the Monetary Authority of Singapore (MAS) has issued fines of $17 million across nine separate fines, each in the area of AML violations. A big focus for MAS over the last few years has been the two-year investigation into the highly publicized 1MDB state fund scandal, which resulted in two AML penalties for more than $1 million.

In addition to these penalties, MAS closed the local branches of two financial institutions for AML weaknesses and improper conduct by senior banking personnel. The 1MDB review is the most extensive review ever to be undertaken by MAS, with a total of $21 million in fines levied against eight FIs. This review led to the delayering of a complex web of shell companies

and hidden transactions across multiple jurisdictions.

Prior to 2016, MAS had not issued one single fine for AML/KYC/sanctions weaknesses.

Malaysia – USD $14 million

The Securities Commission and Bank Negara Malaysia (BNM) in Malaysia has imposed $14 million across nine AML fines since 2011. One penalty of $13.4 million (which also involved the bank signing up to a four-year remedial program to achieve best practice in corporate governance and the setting aside of an addition RM25m ($5.75m) for investment in infrastructure and staff retraining) was imposed for multiple AML breaches in relation to the 1Malaysia Development Berhad (1MDB) scandal.

This particular fine, which could be considered punitive relative to other fines levied by the regulator, was found to be ‘commendable but insufficient’ when compared to fines by the regulators in other jurisdictions, namely the US and the UK. Public trust in the Malaysian financial sector has diminished significantly since the 1Malaysia Development Berhad (1MDB) scandal. [This particular scandal involved the revelation that $681 million was transferred to the personal bank accounts of Malaysia’ Prime Minister Najib Razak, who is also finance minister in 2014.]In January 2018, BNM commenced the publishing of all future enforcement actions taken against financial institutions for non-compliance with regulatory rules in the hope that naming and shaming of violating FIs will help to change current behaviors and bank culture.

$ M

$2 M

$4 M

$6 M

$8 M

$10 M

$12 M

Singapore

2016

2017

2018


22© Fenergo 2018

So why the additional focus on AML/CTF now by HK Regulators?

The FATF mutual evaluation report is obviously a significant reason behind the magnified focus by Hong Kong regulators on the areas of AML/KYC/CTF compliance failings. Hong Kong is particularly keen to promote the area of enforcement to rectify perceptions of it being a jurisdictional conduit for dirty money. The country recently suffered adverse publicity as one of the leading financial centres in the world where criminals choose to launder ill-gotten gains due to the ease of doing business there. The investigations into the Russian Laundromat and Panama Papers scandals showed Hong Kong as a major beneficiary of crime proceeds, as well as being the most active market for the creation of shell companies, behind which criminals, launderers and terrorists hide and funnel their monies.

India - USD $11 million

India has imposed the highest number of fines in the region, totalling 34 fines imposed since 2012, primarily related to KYC violations. However, India ranks only fifth highest in terms of monetary value, with the fines totalling just $11 million.

Hong Kong - USD $5.4 million

In the lead up to its FATF mutual evaluation report expected in late 2018, both regulatory authorities in Hong Kong, the Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA), have increased AML/CTF regulatory enforcement actions, imposing seven fines over the past 18 months for financial institutions’ violations of AML

China - USD $94,000

While China has committed to a stronger focus on AML, they have imposed fines of only $94,000 so far for AML violations since 2016.

However, this year, we’ve started to see a stronger position being taken by the People’s

rules, each ranging from HK$2.6m to a high of HK$9.6m in August 2018. Five of these FIs were penalized due to AML control failings within a period of only six weeks.

These enforcements were imposed to send a strong signal to the market and to serve as a warning bell to other FIs in the region to get their regulatory houses in order. To put these fines into context, there were zero enforcements made in 2016 relating to AML. Both the HKMA and SFC have made it very clear that AML and CTF compliance will continue to be a proirity in 2018 and beyond. In particular, the SFC has established a temporary specialist team within its Enforcement Division to specifically tackle KYC and AML/CTF failings.

Bank of China (PBOC) regarding its approach to anti-money laundering (AML), with AML becoming a key pillar of the national strategy on financial regulation. Very recently, the country integrated its supervisory mechanism for anti-money laundering, anti-terrorism financing and anti-tax evasion.

Growing Regulatory Appetite in China

China has made significant strides towards adopting international best practice for AML/CTF compliance. It has started to participate in international AML lobby groups including the Asia/Pacific Group on Money Laundering, the Eurasian Group on Combating Money Laundering and Financing of Terrorism, as well as the Financial Action Task Force (FATF) Mutual Evaluation process and is currently making moves to join the Egmont Group of International Financial Units.


23© Fenergo 2018

South Korea – USD $1.8 million

Similar to China, South Korea has imposed fines of only $1.8 million for AML violations since 2015. In light of their upcoming FATF assessment in 2019, however, Korean financial authorities have been actively beefing up their anti-money laundering legal regimes. Currently, South Korea’s anti-money laundering laws do not cover non-financial professionals, such as lawyers and accountants. A bill has been proposed to include the non-finance sector under anti-money laundering legislation.

In terms of fines levied on Korean FIs, the New York DFS imposed an US $11m fine in late 2017 on a South Korean bank with operations in New York for deficiencies relating to its risk management and AML compliance efforts. This was the first time any South Korean bank has been subjected to disciplinary action.

In light of this fine, there has been a noticeable rise in the number of South Korean FIs operating in New York seeking to improve their AML and monitoring systems.

New Zealand - US $0

In recent years, legal experts have raised concerns about the country’s lax regulatory regime and possible flow of illegal money into

New Zealand, which may put the country at risk as a safe haven for money laundering. The country has form – in 2012, the European Union removed New Zealand (and Russia) from its banking and corporate white list for not having strong enough controls against money laundering.

Although it has levied several enforcement warnings for non-compliance to FIs with insufficient anti-money laundering procedures, the country’s regulator, the Reserve Bank of New Zealand (RBNZ), has yet to impose a monetary penalty.

Middle East - $9.5 millionThe UAE has been cited as one of the most proactive countries in the Middle East for countering money laundering and financial crimes. However, the rest of the region still lags behind in terms of the fight against financial crime.

As the economic climate continues to flourish in the Middle East, there is a growing sense that ME countries need to toughen their infrastructure and stance against money launderers, terrorist financing and criminals. This is reflected in the stringent fines imposed by international regulators on ME FIs over the past decade, totalling $11 million.

Total Fines Levied on MENA banks by international regulators

$ M

$1 M

$2 M

$3 M

$4 M

$5 M

$6 M

Jordan Lebanon Qatar UAE


24© Fenergo 2018

In light of this, over the last two years, there have been significant strides made to transform the approach to AML/KYC/CTF compliance. For one, the UAE Federal National Council’s (FNC) Financial and Economic Affairs Committee announced key changes in its anti-money laundering legislation. However, there is significant work to be done by other ME states with specific regard to transaction monitoring, customer due diligence and PEPs (Politically Exposed Persons) identification.

As outlined below, Dubai is the only region in the Middle East to be active in the area of AML enforcement, particularly when it comes to monetary penalties.

United Arab Emirates - $9.5 millionThe Dubai Financial Services Authority (DFSA) imposed five fines totalling $9.5 million between 2011 and 2015, making it the most active regulator in the Middle East in terms of instances and monetary amount. All fines in the Middle East relate to AML violations.

Fines Levied by Dubai Financial Services Authority 2008-2018

$ M $1 M $2 M $3 M $4 M $5 M $6 M $7 M $8 M $9 M

$10 M

UAE

2011

2015


25© Fenergo 2018

in compliance will rise over the next two years. Compliance technology transformation is the top spending priority for the polled executives, both over the next 12 months (57%) and within the next three years (51%), signalling the industry-wide move to deploying technology rather than increasing headcount (4).

Certain regions, Asia-Pacific in particular, are still playing catch-up with 57% of respondents expecting spending to ramp up significantly over the next year, according to the Global Anti-Money Laundering Survey (5). Given that several APAC member countries are due to have their FATF mutual evaluations shortly, it’s clear they are beefing up their AML policies and procedures to meet FATF standards.

Calculating the Cost of Compliance

The increasing magnitude of regulatory challenges and AML compliance has come with significantly increased costs to financial institutions. Major international FIs are now spending between $900 million and $1.3 billion a year on financial crime compliance.

AML and sanctions fines can have a dramatic impact on the reputation and subsequently on the share price of the financial organization. In one example of a global bank who was fined a significant amount for AML failings in 2014, almost 40% was knocked off the value of their shares.

In Accenture’s 2018 Compliance Risk Study, 89% of respondents indicated that investment


© Fenergo 2018 26

Over the past ten years, global regulators have increasingly prioritized the importance of strict AML law enforcement to effectively deter money laundering and terrorist financing activity. This has taken shape in the form of a more aggressive enforcement paradigm with record monetary penalties levied, particularly by US regulators.

Conclusion

Nearly 90% of BSA/AML enforcement actions from 2012 to 2015 involved an assessment of money penalties, compared to less than half of such enforcement actions from 2002 through 2011 (6). At its peak, in 2015, global AML and sanctions-related fines reached a total of $11.5 billion. This now appears to be levelling off based on figures from the past 3 years, but the threat of regulatory enforcement, and its associated financial and reputational damage, is still ever present for financial institutions. With the implementation of new regulations, including MiFID II, GDPR and FinCEN’s Final Rule (CDD) over the past year alone, we can expect to see regulators continue to flex their enforcement muscles.

For financial institutions, compliance and the rate of regulatory change will continue to be a main concern but as the industry moves beyond mere survival mode to double-digit growth, the

new battleground is client experience. Delivering excellent client experience by future-proofing compliance, investing in financial and regulatory technologies and placing the focus and value on the client will allow financial institutions to stay ahead of the market.

Every financial institution in the world is now exploring or actively embracing new technologies, such as Artificial Intelligence (AI), Robotics Process Automation (RPA) and machine learning to create a single client view and enhance risk management across their organizations, ensuring fewer fines going forward.

At Fenergo, we believe in a community-based approach to tackling the regulatory challenge. We actively discuss upcoming and evolving legislation collectively with our community of clients through our regulatory forums. To find out more, visit Fenergo.com.

Sources:1. https://www.forbes.com/sites/tomgroenfeldt/2018/03/22/taming-the-high-costs-of-compliance-with-

tech/#281a7ef45d3f

2. https://www.canadianlawyermag.com/author/jennifer-brown/enforcement-lacking-in-anti-money-laundering-efforts-16110/

3. https://www.reuters.com/article/us-australia-cba-compliance-analysis/money-laundering-probe-exposes-australian-banks-compliance-frailties-idUSKCN1B00V8

4. https://www.accenture.com/ie-en/insight-2018-compliance-risk-study-financial-services

5. https://emarketing.alixpartners.com/rs/emsimages/2017/pubs/FAS/AP_Global_Anti-Money_Laundering_Survey_Dec_2017.pdf

6. http://www.nera.com/content/dam/nera/publications/2016/PUB_Developments_BSA_AML_Lit-06.16.pdf

Follow us on @Fenergo or join the discussion Fenergo

For more information on Fenergo, visit www.fenergo.com andcheck out our latest whitepapers and client case studies.

27

About FenergoFenergo is a leading provider of Client Lifecycle Management software solutions for capital markets and investment banks, commercial, business and retail banks, as well as private banking, wealth management and asset management firms. Our solutions help financial institutions to efficiently manage the end-to-end regulatory onboarding and entity data management processes. Fenergo’s rules-driven solution ensures compliance with multiple regulatory frameworks and supports the collection, centralization and sharing of client and counterparty data and documentation across the institution.

Comprised of three core modules, Fenergo’s Client Lifecycle Management platform includes:

Client & Counterparty Data Management Fenergo’s Client & Counterparty Data & Document Management solutions are designed to improve efficiency of the regulatory evidentiary process for compliance without impacting client experience by automating data consumption and promoting re-use of existing client data and documentation across multiple business units and jurisdictions. With Fenergo Client & Counterparty Data Management, financial institutions can re-use up to 80% of the client data requirements across multiple regulatory programs, improving client experience, enhancing risk management and expediting the compliance process.

Regulatory Compliance PlatformFenergo’s Regulatory Compliance Management solution is designed to support regulatory compliance teams to comply with immediate regulatory challenges easily and efficiently, whilst future-proofing against continually evolving or newly introduced regulations. Fenergo’s Regulatory Rules Engine brings together in one repository all the content, intelligence and rules required to support best practice compliance with global AML/KYC, tax (FATCA, CRS, 871M), OTC derivative-based regulations (Dodd-Frank, EMIR), MiFID II and Margin Requirements regulations.

Client Onboarding & Lifecycle Management Fenergo Client Lifecycle Management is an end-to-end platform that enables financial institutions to transform how they manage clients – from initial client onboarding, to KYC/AML compliance, to client data management & KYC reviews. Fenergo’s lifecycle approach to client management means that our solution goes beyond initial client onboarding and takes a lifetime view of the client, enabling the financial institution to perform data refreshes, ongoing due diligence and use the centralized data to support new regulatory obligations, as well as upsell and cross-sell opportunities.

Together these modules enable financial institutions to enhance risk management, expedite compliance, improve operational efficiencies, onboard clients faster, and enhance time to revenue and overall client experience.

www.fenergo.com

Did you know?

With 100% focus on financial services, Fenergo’s Regulatory Analysts and R&D teams are solely committed to addressing and solving the challenges faced by investment, corporate

and private banks. Fenergo works closely with our clients to ensure that all of their regulatory compliance and entity data management requirements are met fully and satisfy regulatory obligations. Fenergo runs a number of client engagement forums such as Client Advisory

Boards and Regulatory Forums, which provide our clients with a direct impact on the Fenergo solution suite and ensure that our solutions are closely aligned to solve the challenges our

clients are facing.


To find out more about Fenergo Client Onboardingand Regulatory Compliance or to see a demonstration,

please email [email protected]

For more information onFenergo’s Client Lifecycle Management solutions,

please visit www.fenergo.com.

www.fenergo.com

Documents

A Fine Mess We’re In - Fenergo · It’s clear from the research that global regulators are increasingly putting financial institutions’ AML and KYC procedures, policies and technologies