Study: Post-financial crisis fines against financial institutions hit $36B

According to a report conducted by Fenergo, a provider of client onboarding lifecycle management software for the financial services industry, fines for non-compliance with Anti-Money Laundering (AML), Know-Your-Customer (KYC), and sanctions regulations surged by 160 percent over the past 15 months, since Fenergo issued its last report. A deeper dive of the results found that 12 of the world’s top 50 banks were fined for AML, KYC, and sanctions violations in 2019.

In a statement, Fenergo CEO Marc Murphy said the rise in financial regulation is “creating a tough battleground for financial institutions trying to stay on top of a multitude of regulatory rules across different jurisdictions. We are still seeing the ramifications from the financial crisis.”

According to Fenergo, two-thirds of all fines issued by U.S. regulators were aimed at European financial institutions for AML breaches and sanctions violations in such countries as Iran, Cuba, North Korea, Sudan, Libya, and Myanmar. In the Asia-Pacific (APAC) region, most of the penalties related to non-compliance with AML and KYC violations in India (14), Chinese Taipei (10), and Pakistan (8).

By country, financial institutions in Switzerland faced the highest fine amount, mainly due to the record €4.5 billion (U.S. $5.1 billion) in penalties that France’s criminal court brought against Swiss banking giant UBS in February 2019 over money-laundering allegations and helping wealthy French clients evade taxes. UBS, which has denied criminal wrongdoing, argued that the conviction was based on “unfounded allegations of former employees” and is currently appealing that ruling.

Following Switzerland, Italian banks faced the second-highest fine amount in 2019, racking up nearly $1.5 billion in total penalties for sanctions violations and non-compliance with the EU’s General Data Protection Regulation (GDPR).

MiFID and data privacy violations

New in this year’s report is an analysis of fines related to non-compliance with the Markets in Financial Instruments Directive (MiFID) and data privacy regulations, including the GDPR, resulting in a total of $82.7 million in fines, according to Fenergo. In fact, 2019 marked the first year that tier-one financial institutions faced punitive fines for MiFID transaction reporting breaches.

Two major fines amounting to $81.5 million were issued by the U.K.’s Financial Conduct Authority for transaction reporting failures over a 10-year period preceding the introduction of MiFID II. The 2019 fine value is 55 times the value of all MiFID II fines issued in 2018 ($1.48 million).

Regarding data privacy violations, 12 fines amounting to more than $1.1 million were issued against financial institutions, including for violations of the GDPR and Hong Kong’s data privacy law, the Personal Data (Privacy) Ordinance, according to Fenergo.

Global enforcement trend

The rise in sanctions fines in 2019 reflects the geopolitical climate. In the United States, 86 percent of all fines levied by U.S. regulators since Fenergo’s last report in 2018 resulted from sanctions violations. “The scale of financial crime continues to grow, while the methods used by criminals to launder the proceeds of crime evolve,” said Rachel Woolley, global AML manager at Fenergo.

Fenergo’s 2019 analysis shows that many of the financial institutions that faced penalties “lacked appropriate systems and compliance infrastructures that are necessary to identify and address areas of high risk,” Woolley said.

One of the most egregious cases was Société Générale, which was hit with a $1.34 billion criminal penalty for sanctions violations resulting from an ineffective sanctions compliance program. In that case, U.S. regulators discovered Société Générale had engaged in 2,600 sanctions-violating transactions in high-risk countries, including Iran, North Korea, and Sudan.

Another enforcement trend uncovered by Fenergo’s analysis is that U.S. regulators are imposing tougher penalties on foreign financial institutions compared with domestic institutions. Since September 2018, U.S. regulators have hit non-U.S. banks with a total of $4.1 billion in fines, including those headquartered in France, Israel, Italy, Switzerland, the United Arab Emirates, and the United Kingdom.

In comparison, U.S. financial institutions have faced $246 million in fines, according to Fenergo. At $216 million, the average fine against EMEA-headquartered (Europe, the Middle East, and Africa) banks was 10 times higher than the average $20 million fine imposed on U.S. financial institutions in the same period.

Compliance lessons

Although fines for non-compliance with data privacy laws have been small in comparison to AML fines, and fewer in number than many had anticipated, “this is largely due to regulators giving financial institutions leeway to embed their controls and demonstrate efforts to comply,” said Laura Glynn, global compliance and regulatory director at Fenergo. “This honeymoon period is waning, so we expect more penalties to arise from non-compliance in 2020.”

To counteract enhanced enforcement activity in 2020, Murphy said that companies have no choice but to leverage next-generation technology “to achieve a more effective and streamlined approach to regulation that allows financial institutions to approach regulatory compliance in a business-as-usual manner.”

For example, many banks today with best-in-class compliance programs are using artificial intelligence (AI) to improve compliance, cut costs, enhance customer experience, and reduce fraud and corruption risk. With the help of AI, banks can perform analytics in real-time to quickly identify patterns, red flags, or anomalies in data to proactively uncover improper activity, like AML violations. Other banks are using AI to categorize customers and identify those that require enhanced due diligence.

“Regulation technology is no longer a nice-to-have,” Woolley said. “It’s essential for the future of banking and the reduction in global financial crime.”

Fenergo will be discussing the findings of its report in a webinar on Feb. 26.