“Financial institutions have been hit with $10.4 billion in global fines and penalties related to Anti-money laundering (AML), know your customer (KYC), data privacy, and MiFID (Markets in Financial Instruments Directive) regulations in 2020,” notes ComplianceWeek. Banks, large multinational corporations, and companies conducting high-risk activities such as Crypto/Asset Funds and Fintech subsidiaries are being fined at record levels for not complying with customer due diligence requirements, and the trend seems to be increasing.
Anti-money laundering regulations become more stringent every year, as do the associated fines. On January 1, 2021, Congress passed the National Defense Authorization Act for Fiscal Year 2021 (the NDAA), which includes the most substantial and sweeping improvements surrounding AML legislation. This omnibus bill includes amendments to the USA Patriot Act which address a wide range of gaps in previous legislation. The US’ AML Act 2020 (AMLA) was designed to address changes in the technological landscape and the lack of motivation (monetary or otherwise) for whistleblowers to share AML information with authorities.
Key Provisions of the AMLA 2020
The AMLA 2020 brought forth major changes and amendments which strengthened the penalties for non-compliant banks and financial service organizations. Major changes include:
- Stringent AML Enforcement Through Improved Compensation For Whistleblowers
- AMLA 2020 Expands Existing BSA/AML Violation Penalties
- AMLA 2020 Legislation Allocates More Government Resources Committed to Address Money Laundering
- AMLA Provides Additional Statutory Authority for DOJ to Seek Documents from Foreign Banks & Financial Institutions
- The AMLA References a Pilot Program To Share SAR (Suspicious Activity Report) Data Across International Borders
- The AMLA Extends the BSA’s Reach To Cryptocurrency (Nontraditional Value Transfers)
7 Anti-money laundering Compliance Fines You May Have Missed
“Financial institutions have been hit with $10.4 billion in global fines and penalties related to Anti-money laundering (AML), Know Your Customer (KYC), data privacy, and MiFID (Markets in Financial Instruments Directive) regulations in 2020, bringing the total to $46.4 billion for those types of breaches since 2008,” ComplianceWeek reports. Failure to comply with Anti-money laundering laws and regulations brought heavy fines in 2020, and the fines continue to increase. Below are seven of the largest fines levied on banking & financial institutions:
- 2019 Data Breach leads to Capital One fine of $80 Million
The US Office of the Comptroller of the Currency (OCC) levied an $80 million civil fine against Capital One in August for its mismanagement and inadequate security systems. According to Fortune Magazine, “the bank’s own internal audit failed to identify ‘numerous weaknesses’ in its management of the cloud environment and ‘engaged in unsafe or unsound practices that were part of a pattern of misconduct.’” The breach compromised over 140,000 Social Security numbers and 80,000 bank account numbers. Paige Thompson, a former Amazon Software Engineer, stands accused of stealing personally identifiable information (PII). Charges include computer fraud and “abuse for an intrusion on the stored data.”
Large gaps in information security and Anti-money laundering regulations influenced the adoption of the most recent AML legislation which helps support previous computer security and fraud legislation. While Thompson’s motives may still be under investigation, proper employee vetting through background checks and PII security policies are paramount to ensuring these types of breaches do not occur. Banks and corporations are required to follow stringent information security guidelines to avoid large fines and public scrutiny.
- OCC Issues $85 Million Penalty To USAA Federal Savings Bank
The OCC slapped USAA Federal Savings Bank with an $85 million fine for risk management inadequacies in October. This is the second fine levied on this San Antonio bank. The Office of the Comptroller of the Currency (OCC) cited the “bank’s failure to implement and maintain an effective compliance risk management program and an effective information technology risk governance program.”
Risk management and compliance programs including Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) are mandated by the Bank Secrecy Act and recently passed Anti-money laundering (AML) legislation. Large fines and penalties are being levied around the globe as banks and covered financial institutions (and cryptocurrency exchanges) fail to build proper compliance programs.
- Swedish Bank SEB Fined $107 Million by Regulator For Baltic AML Failures
Skandinaviska Enskilda Banken (SEB) received a $107 million fine in June for Anti-money laundering (AML) failures. SEB, the second largest bank in Sweden, has been fined for failing to , Swedish Financial Supervisory Authority (FSA), the regulatory authority, charged the bank in early June of 2020 and levied the fine, which highlights the global issues revolving around Anti-money laundering compliance in the financial services industry. “Despite the elevated risk of money laundering in the Baltics, the bank has done too little, too late,” says FSA director general Erik Thedéen.
Basic AML due diligence includes identity verification, validation, and age verification (to name a few). Not only are AML violations on the rise, but victims of complex schemes and fraud are also widespread within money service provider industries.
- Western Union Refunds $153 Million For Scam Victims
“Western Union turned a blind eye to the fraudulent payments made through its money transfer system,” says Andrew Smith, director of the FTC’s Bureau of Consumer Protection. Western Union began refunding defrauded customers in March after it was ordered to do so by the Federal Trade Commission (FTC). The lack of Know Your Customer (KYC) compliance can severely damage an organization and harm millions of account holders.
According to the United States Federal Bureau of Investigation, “The FTC’s complaint against Western Union alleged that for many years, Western Union was aware that fraudsters around the world used the company’s money transfer system to bilk consumers, and that some Western Union agents were complicit in the frauds. The FTC’s complaint alleged that Western Union failed to put in place effective anti-fraud policies and procedures and to act promptly against problem agents.” While in this case Western Union is said by Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, to have “turned a blind eye,” more banks and Money Service Providers (MSPs) are unaware of the mandatory KYC/AML regulations that can protect them from these types of horrible situations.
- Citi To Pay $400 Million OCC Fine For Risk Management Failures
One of the world’s largest financial institutions, Citibank, has been ordered to pay $400M in a case that brings to light severe risk management issues. The South Dakota bank was found to have been lacking internal controls and financial safeguards, including those relating to AML and data governance. According to the consent order, Citibank needs to complete a “thorough redesign of data architecture, re-engineering of processes, and modernisation of system applications and information technology infrastructure.” This is the second fine Citi has been hit with in recent years, showing its glaring need to update and comply with regulatory mandates and internal financial controls.
- Westpac Agrees To Record AUD 1.3 Billion Fine For AML Failures
Westpac, one of Australia’s largest banks, agreed to pay a record AUD 1.3 billion ($959m) fine for money laundering breaches in September. According to court filings and Fintech Futures, the financial institution “failed to keep records related to the origin of the transactions, or carry out ‘appropriate customer due diligence.’” These are major lapses in AML compliance procedures and this underscores the need for both proper, and timely, Know Your Customer compliance as well as ongoing transaction monitoring.
Westpac admitted to 76,000 additional violations including, “failures to reasonably monitor customers for transactions related to possible child exploitation”, and “further failures to assess money laundering and terrorism financing risks.” Compliance officers should take note of the challenges that exist for large banks and reevaluate their preparedness in order to avoid fines and penalties such as those seen in the above cases.
- Compliance Lapses & Fraudulent Accounts Generate Billions In Fines For Wells Fargo
Wells Fargo bank, the fourth-largest in the US, will pay a hefty fine of $3 billion for its failure in security procedures. The Securities and Exchange Commission will receive $500 million of the total and plans to use the funds to offer restitution to those customers who were defrauded by Wells Fargo. According to Fintech Futures, the bank “pressured employees to cross-sell products and services, leading them to create millions of fake accounts using forged and fraudulent customer signatures.” Proper Know Your Customer compliance procedures and fraud weren’t incorporated into the account opening process, as internal documents showed that “[e]mployees of the bank were found to be using their own contact details on application forms, so as to ensure that the real customer was never informed about the accounts opened in their name.”
About IDMERIT: Headquartered in San Diego, California, IDMERIT provides an ecosystem of identity verification solutions designed to help its customers prevent fraud, meet regulatory compliance and deliver frictionless user experiences. The company is committed to the on-going development and delivery of offerings that are more cost-effective and comprehensive than other solution providers. IDMERIT was funded by experts who have been sourcing data on personal and business identities across the globe for over a decade. This access to official and trusted data throughout the world has become increasingly important as companies find themselves completing transactions across borders as a standard course of business. www.idmerit.com