Insight

Top 5 fines of 2018: Lessons Learned from Enforcement Action

Written by Simone Jones on Monday December 17, 2018

In keeping with tradition, I’m taking a look at some of the big enforcement actions by regulators over the past year.

As Father Christmas prepares his list of who has been naughty or nice, I thought it would be interesting to take look at enforcement action in 2018 from around the world and consider some New Year’s resolutions that compliance professionals may want to make in 2019.

5) Commonwealth Bank of Australia

The largest fine ever issued by Australian Transaction Reports and Analysis Center (AUSTRAC) was agreed with the Commonwealth Bank of Australia for AUD$700 million.

In the agreement, Commonwealth Bank of Australia admitted to breaching the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 on 53,750 occasions.

The investigation centered on the bank’s Intelligence Deposit Machines (IDMs), which are a type of ATM allowing customers to deposit cash and cheques directly into their accounts. IDMs were identified as being used to launder the proceeds of crime, including several millions of dollars by criminal syndicates[PDF].

The Commonwealth Bank of Australia’s controls were weak and didn’t appropriately identify, mitigate or manage the money laundering and terrorist financing risks. In addition, a software error with the IDMs led to the failure to report threshold transaction reports.

New Year’s Resolution: Carry out a full risk assessment of all new products and services, ensure assessments are kept up to date and that controls are in place that appropriately manage the risk.

4) INGBank NV

ING were fined €775,000,000 by the Netherlands’ Public Prosecution Services for violations of the Anti-Money Laundering and Counter Terrorism Financing Act.

The bank was accused of culpable money laundering, as during the period between 2010 and 2016 they failed to prevent bank accounts from being used to launder ‘hundreds of millions of euros’. ING reportedly took insufficient action to identify that cash flows through bank accounts may have originated as a result of crime. The investigation into ING came after the subjects of a number of criminal investigations were found to have held accounts at ING, leading to concerns around the adequacy of the bank’s controls.

The notice from the Dutch prosecutor detailed four cases where criminals were able to use ING accounts, including alleged bribes paid by VimpelCom to Uzbek officials and an underwear trader who laundered approximately €150,000,000 using ING accounts. These cases, and others which were not detailed in the notice, highlighted that ING failed to identify suspicious activity and have adequate controls in place.

New Year’s Resolution: Always consider how criminals can misuse your firm. Anti money laundering is not theory or a checklist to be complied with – ultimately, it’s about ensuring that criminals are not able to benefit from their criminally derived assets.

3) Canara Bank

The UK regulator, the Financial Conduct Authority (FCA), fined Canara Bank £896,100. Whilst one of the smallest fines on our list, the Final Notice [PDF] does provide fascinating insight into what can go wrong at a firm when the senior leaders do not place fighting financial crime as a priority.

In addition to the fine, a restriction was imposed on Canara Bank which prevented them from accepting deposits from new customers for a period of 147 days.

The FCA detailed that Canara Bank had systematic failings across almost all levels of its business in its ability to manage the risk of money laundering and financial crime. Notably, the senior management failed to understand both AML risks and regulatory requirements, allowing a culture of minimal or non-compliance to persist.

The UK regulator had previously raised concerns over Canara Bank’s systems and controls, highlighting the importance of ensuring that warnings are heeded, and any action plans are adequately implemented.

Perhaps the New Year’s resolution for this one should be to read the full final notice, however if we had to narrow it down to one…

New Year’s Resolution: Ensure that senior managers fully understand their regulatory responsibilities regarding financial crime and embed a culture of compliance.

2) Tesco Personal Finance

The FCA’s largest fine of the year was imposed on Tesco Personal Finance PLC at £16,400,000 for failures relating to a cyberattack that occurred in November 2016 in which its personal current account holders were left vulnerable.

The attack didn’t result in the loss or theft of any customer data, but involved attackers generating authentic bank debit cards numbers, most likely using an algorithm. Those ‘virtual cards’ were then used to carry out unauthorised transactions, ultimately netting the attackers £2.26 million.

The FCA found that the cyber attackers exploited deficiencies at Tesco Bank in an attack lasting over 48 hours, which was deemed to be largely avoidable.

New Year’s Resolution: Ensure that systems are in place to reduce the risk of cyberattacks occurring, and in the event that one does occur, ensure you have a response plan to protect customers as quickly as possible.

1) Société Générale S.A.

In the second largest fine ever imposed for violations of US economic sanctions, Société Générale S.A. were fined $1.3 billion as part of a global settlement, including a deferred prosecution agreement, with a number of US authorities.

$53,966,916.05 of the fine was issued by The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) for processing US dollar transactions that violated OFAC sanctions on Cuba, Sudan and Iran. [PDF].

The period spanned 5 years up to 2012, with Société Générale wilfully violating US sanctions law and concealing those violations.

The conduct in question involved Société Générale processing transactions for individuals and entities subject to OFAC sanctions, removing references to the sanctioned parties in the information sent to US financial institutions involved in the transaction.

New Year’s Resolution: In the words of US Attorney Geoffrey S. Berman: ‘Other banks should take heed: Enforcement of U.S. sanctions laws is, and will continue to be, a top priority of this Office and our partner agencies.’

What does this mean for 2019?

Enforcement action is set to continue, with scrutiny on Danske Bank following a money laundering scandal involving its Estonian Branch and HSBC’s 2018 interim results detailing $632 million which has been set aside for settlements arising from various investigations regarding tax evasion and money laundering, which could rise to $1.5 billion.

Although we have concentrated on enforcement action against firms, it’s also important to remember that individuals are targeted too. The FCA recently fined the former CEO of Sonali Bank (UK) Limited £76,400 for his part in the bank’s AML failings.

To me, this enforcement action highlights that understanding the financial crime threat your firm faces, and your own responsibilities, remains critically important.

You may also like: