Surge in AML Fines - case study

Since the 2008 financial crisis, financial institutions have been on a mission to rebuild their reputation, navigating through a decade-long period of disruption as the industry continued to transform digitally to keep up with the demands the modern economy. As if the task itself was not challenging enough, they must now also consider expectations and needs of the new generation of banking services users, who are looking for an innovative offering to help them sort their payments and finances instantly, without detriment to safety.

FinTech companies and challenger banks are on the rise, prompting traditional financial institutions to change the way they operate and do it sooner rather than later.  And then, we have regulators, who are there to safeguard the public’s interest, making sure that financial service providers are compliant with local and international regulations, with a clear focus on anti-money laundering (AML) and financial crime prevention (FCP) measures. 

Since 2008, standards have grown significantly, driven by changing technological infrastructure, geopolitical developments and the evolving nature of criminal activity, which has taken many new shapes and forms, especially in the last few years. Although AML and FCP regulatory requirements have their local specifics, their core will largely be the same. While transforming and fighting for competitive advantage, financial institutions are expected to:

  • know their customers and business they operate
  • understand and assess customers’ intended product usage
  • verify customers’ source of wealth and funds
  • monitor and analyze customers’ activity over time
  • investigate and report instances of suspicious activity
  • screen customers against bad press, PEPs and sanctions
  • comply with relevant reporting obligations

A recent report by Lexis Nexis Risk Solutions, which covered all major regions and financial institutions, quoted a whopping USD 274. 1 billion of projected financial crime compliance costs in 2022. The research showed that this amount has steadily increased year-on-year, especially in Western Europe and the US. While that certainly is a lot, global money laundering consumes between USD 800 billion and 2 trillion annually, of which only a small fraction is retrieved. Either way, despite a growing amount being spent on AML compliance and other financial crime prevention measures, it appears that the next regulatory fine is not a matter of “if” but rather “when”. It won’t necessarily be one of the smaller players, without sufficient funding, but perhaps a medium or high-risk jurisdiction, that hits the headlines. It is likely to be one of the big banks operating worldwide.

The last two years offer plenty of examples which can help understand what the major failings are and determine why they continue to happen. There are certain themes that come through from this analysis and they can largely be grouped in three categories:

  • policies and procedures
  • systems and infrastructure
  • people.

With regards to the first point, it is not enough for policies and procedures to just be in place, it’s whether they are fit for purpose, understood, and executed that makes them effective. On the other hand, no matter how effective and efficient they are, they can still be violated, intentionally or not, when we add a human element on top. All major AML fines from the last 2 years have flagged certain elements of banks’ policy and guidance framework which were not operating properly. An example of this would be failure by a bank to properly risk-assess whole customer sectors, as a result of which the right level of due diligence requirements was not applied to a high-risk portfolio for years. Lack of proper scrutiny of such relationships makes banks susceptible to being used by criminals to launder money or otherwise facilitate financial crime. Procedures and policies were also found to be fragmented and not specific enough for staff to be able to review customers consistently and with the right level of regard for business-specific risks. This resulted in onboarding of customers without proper understanding of their nature of business, expected transactional flows or control framework. In some instances, customers were not even duly verified if the rating they were assigned at onboarding was anything other than high. Furthermore, some banks’ CDD framework did not guarantee proper customer lifecycle management, which meant that errors made at the onboarding stage had little chance of being rectified during a future periodic review as it was either not scheduled or not carried out consistently. Exit procedures have also proven to be ineffective even in light of considerable risks identified in relation to particular customers.

In terms of systems and infrastructure, there seems to be a common challenge with transaction monitoring, which is an integral part of any holistic customer risk assessment. There is no one expected standard of how transaction monitoring is to be executed, as long as it serves its goal of detecting or preventing unlawful or suspicious activity and meets regulatory requirements.  All banks analyzed for the purposes of this article had some form of transaction monitoring in place, both automated and manual. There were also policies in place describing screening and monitoring requirements and procedures guiding staff through the underlying processes and systems. However, it was found that banks’ frameworks were not sufficiently risk-sensitive and the extent to which policies and procedures were followed was questionable. Consequently, monitoring systems were not calibrated to meet changing internal and regulatory requirements. One of the fined banks failed to update its monitoring systems with the right scenarios to match its risk exposure, with was followed by several other system design issues. Another finding concerned thresholds set within a monitoring system and their alignment with scenarios and automated rules to enable proper identification of suspicious activity. Data fed into monitoring systems was incomplete and inaccurate and its quality was not properly assessed and consequently – not rectified. In another example, automated transaction monitoring system failed to duly monitor customers due to outdated data filters that did not take into account the regulatory changes that occurred during the investigation period. As a result, some medium and high-risk customers were not monitored at all. Without good quality transaction monitoring data, complete enhanced due diligence was not possible, which hindered assessment of AML and financial crime risks. 

As far as people are concerned, in neither of the analyzed examples was the main issue insufficient resources. The main challenge was conduct. Perhaps the most concerning outcome of the analyzed sentencing notes is that in 4 out of 5 examples, at some point in time respective financial institution became aware of its deficiencies but either failed to act on that discovery or did it in an unsatisfactory manner. One of the banks sought independent expertise on its compliance with regulations but never quite implemented the suggested remedial actions and ignored further regulatory developments. Another one had self-identified several issues with its transaction monitoring process but despite repeated internal and external reports confirming the need for changes, insufficient action was taken. In yet another example, internal audit performed during the investigation period highlighted deficiencies of transaction monitoring systems and their risk implications but proper read-across in all impacted branches was not undertaken. In one of the analyzed fines, employees repeatedly raised their concerns via an internal reporting channel, but they were not properly assessed or taken forward with the required level of vigilance.  Whether it's a matter of a weak compliance regime or deficient corporate culture, failure to do the right thing by banks’ own employees exposed institutions and their customers to financial crime risks. One of the fines was a result of what appeared to be an archaic organizational structure, with teams operating in silos. AML responsibilities were spread across different teams, which were not communicating and exchanging information between themselves, which made it difficult to assess customer risk holistically. Other people-related failings identified included insufficient oversight from senior managers of higher-risk relationships, overreliance on relationship managers during onboarding process or inadequate employee training.

It is fair to say that a certain level of risk is an integral part of running a business. Each bank has its own risk appetite and needs to put controls in place to effectively mitigate risks it is exposed to. Automation and RegTech often seem like the ultimate solutions to most problems faced by banks today. However, without proper supervision, “tone from the top” management, skilled personnel and effective policy framework, these are merely tools that might give a false sense of security. 
It is important to take note of two things:

  • one mistake is all it takes – failures do not need to be occurring over a period of time for a bank to be subjected to a fine. It might just be a one-off with a long-term impact on reputation and customer trust
  • reason for the fine might already have been rectified by the time sentencing hits the news but the public perception will be impacted regardless.

Therefore, it is key for banks to learn from not only own past mistakes, but also failings on the part of peer organizations. They need to get on the front foot and critically consider where they are on their journey to regulatory compliance.

Author: Justyna Salawa

 

Referenced Sources:
N. Moden, C. Hines, P. Neufeld, ‘How traditional banks can make the most of consumer trust’, EY: https://www.ey.com/en_gl/financial-services-emeia/how-traditional-banks-can-make-the-most-of-consumer-trust, accessed 7 March 2023.
Lexis Nexis Risk Solutions, ‘True cost of financial crime. Compliance study’, June 2021: https://risk.lexisnexis.com/global/en/insights-resources/research/true-cost-of-financial-crime-compliance-study-global-report - accessed 7 March 2023.
M. R. Redhead, ‘The Future of Transaction Monitoring: Better Ways to Detect and Disrupt Financial Crime’, SWIFT Institute: https://www.swift.com/swift-resource/250631/download - accessed 4 March 2023.

 

The threat of wildlife trade in AML

Tigers, white rhinos, leopards, African elephants, and orangutans- seen by many as majestic and charming animals. Many of us admire them and try to capture their beauty with many of these animals at risk of extinction. Unfortunately, not everyone has such pure intentions. Trade in wild animals is becoming an increasingly popular way to launder money.

More

Understanding AML in the UK Charity Sector

The charity sector is often called the Tertiary Sector, the volunteer sector, the not-for-profit sector, the community sector or the civic sector. The aim of this sector is to generate social wealth rather than material wealth. Let's analyse it in the context of anti money laundering and compliance.

More

A Spotlight on Modern Slavery

Over 50 million people suffering and $150 billion in profits. Is the world coping with modern slavery? What steps should you take to improve the reality? Find out what role the financial sector has to play in detecting modern slavery.

More

Digital Transformation in banking sector

What are the main opportunities and threats attached to the digital transformation? Why do banks undergo digital transformation and how it impacts Finance, HR and Business Change functional areas? This article seeks to explore possible answers to those questions. Join us to learn more on this topic as we speak to NatWest Polska Leadership Team. 

More

Fight FinCrime Forum 2023 is here!

The fight against financial crime is a key element in maintaining the integrity of financial systems, preventing money laundering, fraud and corruption, and ensuring a fair and transparent global economy. It builds trust in financial institutions and contributes to the overall stability of the global financial ecosystem.

More

Power of Flash mentoring in FinCrime

As John Maxwell says, “We all need someone to help us in our pursuit of intentional growth and the right mentor helps you take massive leaps forward.”
In the realm of financial crime prevention, flash mentoring is revolutionizing the way professionals stay informed and prepared. This article explores its transformative impact on skills and strategies in the ongoing battle against financial wrongdoing. Join us to discover the power of flash mentoring in FinCrime.

More