Financial institutions have been hit with $10.4 billion in global fines and penalties related to anti-money laundering (AML), know your customer (KYC), data privacy, and MiFID (Markets in Financial Instruments Directive) regulations in 2020, bringing the total to $46.4 billion for those types of breaches since 2008.
That’s according to analysis conducted by Fenergo, a provider of client onboarding lifecycle management software for the financial services industry. The report, covering up to its release date Dec. 9, says there has been 198 fines against financial institutions for AML, KYC, data privacy, and MiFID deficiencies, representing a 141 percent increase since 2019.
Rachel Woolley, global director of financial crime at Fenergo, cited two notable shifts in this year’s report. The first is that the APAC region (Asia-Pacific) surpassed the United States in value of fines for the first time since 2015, driven by recent activity from the Financial Action Task Force and the repercussions of the 1MDB scandal. Fines issued in the APAC region hit $5.1 billion, compared to $4.3 billion in total fines levied by U.S. authorities against the financial services industry.
Following the United States, other countries that issued the most fines by value were Malaysia ($3.9 billion); Australia ($921.5 million); Sweden ($550 million); and the United Kingdom ($199 million).
Regulators in the APAC region, including the Malaysia Securities Commission, and AUSTRAC in Australia were among those who handed out the largest enforcement actions related to 1MDB fallout and the Westpac money-laundering scandal, respectively.
Collectively, financial institutions headquartered in the United States were hit with the most expensive fines, at $7.5 billion. However, fines against Goldman Sachs related to 1MDB accounted for 91 percent of the U.S. total ($6.8 billion).
The second notable shift observed by Woolley since last year’s analysis was an increased focus on individual penalties compared to previous years. According to Fenergo, 203 individuals were fined a total of $88.8 million for AML and MiFID breaches by regulators and authorities in China, Europe, and the United States. “While banks may hold reserves explicitly to settle enforcement actions, individuals will suffer a far greater personal impact,” Woolley said.
Fenergo’s analysis also noted a significant uptick in data privacy fines against financial institutions this year. While penalties under the EU’s General Data Protection Regulation (GDPR) were comparable to 2019 at $1.7 million, the number of data privacy fines issued in the APAC region increased significantly—e.g., a $529,027 fine issued in India and seven fines issued in China totaling $6.3 million.
Globally, data privacy fines amounted to $88.6 million. The most significant was $80 million against Capital One by the U.S. Office of the Comptroller of the Currency (OCC) for the bank’s failure to establish sound risk management processes and internal controls related to its 2019 data breach.
In 2020, there was just one significant sanctions-related fine against a financial institution, according to Fenergo, and it was a record £20.4 million (U.S. $24.9 million) issued by the Office of Financial Sanctions Implementation (OFSI) against Standard Chartered Bank for a “most serious” breach by providing around £97.4 million (U.S. $119.1 million) in loans to a Russian bank in the Ukraine. In comparison, U.S. regulators issued nine fines totaling $2.4 billion against foreign banks in the United Kingdom and Italy for sanctions violations in 2019.