Noncompliance with AML and GDPR Could Ruin Small Banks
Noncompliance is an important topic for banks around the world. If a bank fails to meet the compliance standards of certain directives, it risks severe fines. Small banks in particular could easily fall out of compliance with certain directives without knowing it. This lack of knowledge could cause them financial ruin or, even worse, force them to shut down.
AML Compliance Around the World
Between 2007 and 2015, 8 billion dollars was laundered illegally on behalf of Russian, Azerbaijani, and Moldovan in Denmark’s largest bank, Danske Bank. This is a staggering amount of money being laundered. Because of situations like this one, many regulators have allocated their resources toward fighting money laundering schemes in the large banking sector. The global scope of these banks along with their size makes them targets for heavy regulation.
Regulators have limited resources to ensure anti-money laundering (AML) compliance, so this has left smaller banks largely neglected. Smaller banks, with moderate assets and modest banking operations, are often not overseen and scrutinized for AML compliance as closely as large banks are by global financial regulators.
Why Small Banks are at Risk
The specific factors that cause small banks to be taken advantage of for money laundering activities include:
- Regulatory anonymity: small banks are not as closely regulated for AML compliance
- Lax banking regulations toward AML compliance
- Shortage of funds to allocate toward compliance measures
Money launderers are aware of the gap in regulatory AML surveillance between large and small banks. This gap gives them the opportunity to perform money laundering activities in small bank branches with little fear of getting caught.
Money launderers also take advantage of staff in small banks who are often not familiar with AML compliance standards. Small banks have lax policies toward AML compliance because their customer base typically does not require them to be vigilant about criminal activities in their operations. Plus, small banks generally do not have enough money to fully fund AML compliance departments, leaving them as open targets for financial fraudsters.
Fines for AML Noncompliance
Since 2009, United States and European regulators have imposed over $342 billion in fines on banks for failing to meet AML standards. These fines are expected to continue rising to upwards of $400 billion by 2020.
Several banks have been fined for failing to meet AML compliance standards in 2017:
- Deutsche Bank was fined $41 million
- BNP Paribas was fined $246 million
Other banks are being investigated and could face billions of dollars in fines for AML noncompliance:
- The Commonwealth Bank of Australia
- The Commercial Bank of China
Not complying with AML rules is taken seriously by regulators. A lack of resources to meet AML compliance is not a sufficient excuse. If a small bank is found to be an accessory to a money laundering crime, it risks being fined millions in penalties by regulators. This would likely be a death blow for a small bank and its operations.
GDPR Compliance Around the World
GDPR is a set of consumer privacy regulations set forth by the European Union. It dictates that any European Union (EU) citizens and residents are protected under its jurisdiction. This suggests that any EU citizen living in the United States does not fall under GDPR regulations. In contrast, a US citizen living in Spain, an EU country, would fall under GDPR.
For banks, these regulations can be quite tricky to maneuver.
How Small Banks are at Risk
Large banks are generally global and understand that GDPR regulations apply to them. This has caused many of them to spend millions of dollars to meet these standards and apply a broad compliance approach to their customer base.
Small banks, in contrast, are at risk of not meeting GDPR compliance because of:
- Lack of understanding about GDPR
- Inadequate resources available to perform user research
- Shortage of funds to put toward compliance measures
Small banks are not always aware of whether they need to follow GDPR. Since they have more targeted markets, they do not always know if it is necessary for them to follow international regulations.
To determine whether GDPR compliance is necessary, the first step a small bank must take is to perform a privacy risk assessment. Small banks need to look at data from their users and determine how many of their customers are from the EU. If they find that they are regularly doing business with or marketing to EU consumers, then they know that GDPR applies to them and that measures need to be taken to comply with it.
Performing this test can be burdensome and expensive for small banking operations. Regardless, they must comply or risk large fines from regulators. If a small bank assumes it does not need to comply with GDPR and it actually does, it can get costly if the bank is found guilty of not complying with regulations.
Fines for GDPR Noncompliance
GDPR fines can range as high as 20 million euros or 4% of the total global annual turnover of the previous financial year. Within hours of GDPR taking effect this May, Facebook and Google were hit with consumer privacy complaints from users. This could cost them $9.3 billion total in fines.
Fines this high could put any small banking operation at risk of failure. They could severely hurt the institution and force it to shut down. While meeting GDPR compliance seems like a hassle, dealing with bank closure is even worse. This makes it a worthwhile investment for small banks to meet GDPR standards.