Fines to banks for anti-money laundering (AML) compliance flaws can occur due to various reasons. AML regulations are put in place to prevent financial institutions (FIs) from being used for illicit activities such as money laundering and terrorist financing. When banks fail to meet the requirements and demonstrate flaws in their AML compliance, regulatory authorities may impose fines as a form of punishment. This is where the “failures to fines” situation arises.

Reasons for Failures That Could Lead to FIs Being Fined

Inadequate customer due diligence (CDD): Banks are required to perform thorough CDD to verify the identity of their customers, assess the risk associated with them and understand the purpose and intended nature of the business relationship. Failure to perform adequate CDD can result in fines. Remedial measures may include implementing enhanced customer identification procedures, conducting periodic reviews of customer information and employing technology-based solutions for identity verification.

Insufficient transaction monitoring: Banks are expected to have robust systems in place to monitor customer transactions and detect suspicious activities. If a bank’s transaction monitoring mechanisms are ineffective or if they fail to report suspicious transactions to the appropriate authorities, fines may be imposed. Remedial measures can involve enhancing transaction monitoring systems, employing advanced analytics and machine learning techniques for anomaly detection, and providing regular training to staff members on identifying and reporting suspicious transactions.

Weak AML compliance program: Banks should have a comprehensive AML compliance program that includes policies, procedures and controls to mitigate money laundering risks. If a bank’s program is deemed weak or inadequate, it can lead to fines being levied. Remedial measures may involve conducting a thorough review of the existing AML program, updating policies and procedures to align with regulatory requirements, appointing a dedicated compliance officer and conducting regular internal audits.

Failure to report suspicious activity: Banks are obligated to report suspicious transactions to the relevant authorities, such as financial intelligence units or law enforcement agencies. Failure to report such activities in a timely manner can result in fines. Remedial measures can include providing additional training to staff members on recognizing suspicious behavior, establishing clear reporting protocols and ensuring effective communication channels with regulatory authorities.

Inadequate staff training: Banks must ensure that their employees receive appropriate AML training to understand the risks associated with money laundering and the procedures to identify and report suspicious activities. Insufficient training can lead to compliance flaws and subsequent fines. Remedial measures may involve conducting regular training sessions for staff members, providing refresher courses and keeping employees up-to-date with the latest regulatory developments.

Recent Bank Fines From Which to Learn

Credit Suisse (2022): Credit Suisse, Switzerland’s largest bank, was fined $234 million in October 2022¹ as a result of an investigation by French authorities. As per the authorities, the bank helped customers create entities across the globe in different countries to help clients refrain from reporting certain assets to the French authorities. This was done to evade taxes. As per the French authorities’ estimation, the loss to the tax exchequer was to the tune of 100 million euros ($109.2 million).²

Santander UK (2022): In the last several years, Santander UK plc (part of Santander Group) implemented inadequate know your customer (KYC) solutions, failing to verify the nature of their clients’ business, as well as the purpose of their relationship. Serious allegations by regulators implied that the bank allowed the illicit actors to launder the proceeds of crime easily through the banking channels. The original fine was supposed to be nearly 154 million euros ($198 million), but since the bank did not dispute the decision, it later received a 30% discount on the amount of the fine.³

Case Study—Coinbase Consent Orders (2023)

The Coinbase virtual currency trading platform was evaluated by the New York Department of Financial Services due to significant deficiencies observed in its compliance program (e.g., its KYC processes, the transaction monitoring system, AML risk assessment, OFAC sanction screening, retention of record books, etc.).⁴

Inadequate transaction monitoring: The regulators pointed out that Coinbase did take the remediation by involving an external consultant. However, the compliance program did not meet the scalability required of the growing customer base and business with the company. The transactions were not getting reviewed on time and there was a backlog. By the end of 2021, there were around 100,000 alerts that were months old. Further, there were 14,000 customers requiring enhanced due diligence (EDD) that were in the backlog.

Lack of resources: Coinbase was lacking the tools to keep up the compliance program (sufficient and experienced resources) and the mounting alerts. Thus, the alerts grew to unimaginable levels.

No timely/inadequate remediation: Coinbase did not identify the actual issues in place and tried to plug the gaps without looking in-depth at the issues. Though the company hired an external consultant, they never looked to build up their internal resources to avoid the rising number of alerts or the pending EDD.

Advice for FIs

There are several actions that FIs can take to avoid compliance problems and subsequent fines as shown in Table 1.

Conclusion

The AML program deficiencies that led to fines being imposed upon the FIs mentioned in this article occurred due to the lackadaisical approach of the staff managing the program. Coinbase is a typical example of mismanagement of the AML program, as scalability was not part of the program. The systems were not improved, which led to the fine. Moreover, the steps defined above require constant improvements and updates. However, the success of an AML program depends upon the intentions of the people running the program to improve the framework and avoid failures in the process that could ultimately lead to hefty fines being imposed.

Rajat Gupta, CAMS-RM, compliance officer, Bank of Baroda, Dubai, UAE,

1. Tangi Salaün, “Credit Suisse to pay $234 mln to end French tax probe,” Reuters, October 24, 2022, https://www.reuters.com/business/finance/credit-suisse-settle-french-tax-probe-with-prosecutors-court-hearing-2022-10-24/
2. Ibid.
3. Oraz Kereibayev, “The Largest AML Fines in the World—2023 Update,” The Sumsuber, May 25, 2023, https://sumsub.com/blog/the-largest-aml-fines-in-the-world-2023-update/
4. “Consent Order in the Case of Coinbase,” New York Department of Financial Services, https://www.dfs.ny.gov/system/files/documents/2023/01/ea20230104_coinbase.pdf