When the G20 first revealed its plans in April 2009, the scale and scope of new reforms was all encompassing. Now, we are seeing how serious the regulatory community is about them. The battle to know your customer provides a first glimpse of just how seriously the industry will take the new reforms.
At the time the new rules were asked for, few questioned why combatting financial terrorism was on the reform agenda for a banking system that had just collapsed. Nevertheless, the G20 commitments contained the demand that the banks clean up the way they look after – and protect – the financial system from abuse by bad people.
The fact is, however, these rules, extending beyond anti-money laundering to sanctions and bribery, were some of the first to go on the books … and now the level of historical compliance is being scrutinised. Much of this ‘hard stuff’ has yet to be written into regulatory rulebooks around the world, but we can see from the early regulatory adopters that it is definitely on its way. The industry has been asked to raise its game significantly in the past nine months.
- Will AML regulation in the EU include tax-evasion type offences?
- How quickly will detailed AML rules go into force globally?
- How will new, unprecedented AML fines influence fines in other regulatory areas?
The EC is releasing the fourth Anti-Money Laundering Directive (AMLD IV) by the end of this year. With the European Supervisory Authority’s Joint Committee guidance expected on the wire transfer and e-money directive in the EU in quarters three and four, as well as the US’ FinCEN’s rule on customer due diligence and the IRS’ FATCA, the second half of 2012 looks to be a busy one for AML and KYC compliance officers across the board.
This means that, not only has the bar been raised on KYC systems and controls, but that it is going far higher. However, and perhaps most importantly, the regulatory approach to dealing with systems and controls problems that occurred when the bar was lower is now a bellwether for banks.
In the past, money laundering reporting officers could fear a ‘light touch’ slap on the wrist or big bosses could put a few million away in a slush fund just in case they were caught out with a violation. But, it is turning out to be a very different story. Why? Because, for the first time, we are seeing real, meaningful and gamechanging penalties for sanctions, bribery and AML, with fines now in the billions.
Out of control or, rather, poorly-managed internal controls are at the heart of recent wave of unprecedented fines. HSBC’s AML transgressions in the US have quickly become the most notable, but probably not the worst, of recent fines. In an incident chief executive Stuart Gulliver called “shameful, embarrassing and very painful”, HSBC was fined $1 billion in July for failing to have sufficient internal controls to prevent money laundering and terrorist financing between 2004 and 2010. This comes after being cited by the Fed, as early as 2010, as having “significant potential” for money laundering, including a backlog of 17,000 unreviewed, suspicious activity alerts. HSBC, despite many apologies for its behaviour, has given the industry reason to expect more, putting away an additional $2 billion to cover any other regulatory rainy days.
In August, Standard Chartered took a very high profile fall when the New York State Department of Financial Services (DFS) settled with the bank at $340 million for record falsification and breach of sanctions in illegal transactions with Iran. And it might not stop there.
SCB’s fines may creep to nearly $1 billion as it pays for its transgression to other US regulators, including the Treasury, Fed and Justice Department.
Moreover, the US action has sparked a wave of other investigations. OFAC is leading investigations into several European banks including Deutsche Bank, Commerzbank, RBS and, most recently, UniCredit. With the Fed and Department of Justice currently investigating internal issues in Iran-related risk at RBS, we can expect this scrutiny to spread to other banks and we may see more hefty fines in the near future.
As if firms weren’t concerned enough about covering their bases for internal controls and sanctions related offences, it turns out they will have to keep a watchful eye out for bribery too, with, not only fines, but jail time also on the horizon. An ex-Morgan Stanley trader is facing nine months prison time under the Foreign Corrupt Practices Act after evading internal controls for both his benefit and that of a Chinese governmental employee. Some commentators ask “so what?” Banks have always been challenged in this ‘grey’ area and always will be – it’s just part of the game.
The reality is that the regulators have woken up to the fact that new systems and technology can be deployed to collect the right information about the system and to monitor it effectively. Of course, they can’t prescribe the architecture or name the systems that ought to be purchased or developed. Nor can they spell out what ‘good’ looks like. They can, however, wield a very big club when they smell something bad.
CXOs will now lie awake at night trying to work out how quickly they can afford to upgrade hundreds of legacy systems and processes without blowing up the bank’s cost/income ratio. How fast they move in the KYC space will largely depend on how much resource they need elsewhere. After all, if you can pay $1 billion for sanctions violations, how much will a bank pay when they are caught in breach of high frequency trading rules or Basel III ratios?
- Huge fines are a key factor in driving AML compliance
- Historical compliance with AML regulation is becoming a part of today’s regulatory scrutiny
- How will the business case for investment in systems and controls be justified?