Global financial institution fines for AML, data privacy and MiFID breaches rise 26% in 2020

Financial markets digital transformation and CLM solutions company Fenergo released its annual findings on global financial institution fines which show that for the year to date, penalties have totalled $10.4 billion for non-compliance with Anti-Money Laundering (AML), Know your Customer (KYC), data privacy and MiFID (Markets in Financial Instruments Directive) regulations.

The total volume of fines levied to financial institutions for these breaches was 198, a year-on-year increase of 141%. The average value of enforcement actions against financial institutions for AML related compliance breaches is 44% lower than in 2019.

Notable findings of the annual report:

–          Landmark action against Goldman Sachs totalling $6.8 billion (from multiple regulators) for its involvement in 1MBD scandal – including the second biggest enforcement action imposed against one bank since 2015

–          Major Australian bank fined almost $1bn for its money laundering scandal with links to serious crimes

–          In 2019 nine fines amounting to $2.4 billion were issued by US regulators to foreign banks (UK and Italy) for sanctions violations. This year there was just one significant sanctions fine by the Office of Financial Sanctions Implementation (OFSI) to a UK bank for breaking Russian sanctions violations. It was the largest ever fine imposed by the regulator at $25.4 million

–          203 individuals were fined $88.8 million for AML and MIFID breaches in US, Europe and China

–          Global data privacy fines amounted to $88.6 million

Rachel Wolley, Global Director of Financial Crime at Fenergo said “2015 was a record year for enforcement actions but 2020 has the potential to match or top that year’s total if significant investigations are concluded by the end of the calendar year. There have been two notable shifts, APAC has overtaken the US in terms of the value of enforcement actions for the first time since 2015 – driven by recent FATF activity and the repercussions of the 1MDB scandal, and there has been an increased focus on individuals being penalised than we have seen in previous years.”

“In addition to imposing penalties on financial institutions, regulators and authorities in China, the UK and the US have held individuals accountable for compliance failings. While banks may hold reserves explicitly to settle enforcement actions, individuals will suffer a far greater personal impact. This along with greater whistleblowing protection and incentives will make a difference in tackling the industry-wide issue of financial crime” said Ms Woolley.

 Regulators in APAC, including the Malaysia Securities Commission and AUSTRAC in Australia, were among those handing out the biggest enforcement actions to banks involved in the 1MBD scandal and the Australian bank embroiled in a high-profile money laundering scandal.  However, the U.S. Department of Justice was also more punitive this year, issuing enforcement actions totalling $1,924,071,850 to Goldman Sachs, Bank Hapoalim and Union Bancaire Privée.

Collectively, financial institutions headquartered in the US received the highest value of fines, accounting for $7,489,785,116.  The fines levied towards Goldman Sachs accounted for 91% of the US total.

Marc Murphy, CEO of Fenergo said “It is estimated that fewer than 1% of criminal funds laundered through the financial system gets confiscated by authorities. The recent FinCEN files has proven that the industry must work better together to address this growing problem. We must establish a common best practice and replace onerous manual Know Your Customer (KYC) and Anti Money Laundering (AML) risk assessment and compliance processes with technology and tools that enable financial institutions, authorities and non-financial firms to better detect and prevent financial crime.”

Countries that issued the most fines by value:

–          USA:  $ 4,348,701,664

–          Malaysia: $ 3,900,000,000

–          Australia: $ 921,587,910

–          Sweden: $ 550,169,770

–          UK: $ 199,306,927

There was also a significant rise in the number of data privacy fines this year while the administrative sanctions handed out for MiFID violations are lower in volume and value compared to 2019. In 2020 a total of 36 fines were issued to financial institutions and individuals at the value of $7 million, compared to 2019 when two fines alone amounted to $81.5 million.

On the data privacy side, while GDPR fines are comparable to 2019 at $1.7 million, the number of data privacy fines issued in the APAC region increased significantly with a large $529,027 fine issued in India and seven fines issued in China totalling $6,338,969. The most significant fine levied for data privacy was to Capital One for $80,000,000 by US regulator, Office of the Comptroller of the Currency (OCC), for its 2019 cloud data breach.