AML Fines: Recent Most Famous Cases

Mažvydas Miliauskas
Author
Mažvydas Miliauskas, CAMS
Published
May 17, 2024
AML fines

For many years, the banking sector has been the leading recipient of AML violations and AML/KYC-related fines and penalties.

Almost every year there is a new article about how the biggest names in the industry have failed to implement controls to address the risks of money laundering and terrorist financing. Or have done so inadequately in the eyes of regulators. What do these AML violations tell us?

Well, for one thing, even the biggest financial institutions have not got it all figured out. And simply throwing more money at the problem will not be enough to get the proper level of controls in place.

In addition, it is always worth “double-clicking” on the key reasons for the AML penalties.

In this blog post, we’ll look at the underlying reasons why. As well as the top five AML penalties globally in 2023 that were related to AML/CFT compliance-related controls.

Why are ML/TF risks constantly evolving?

There is a saying that “you either grow or you die”. And the same is true for financial crime compliance risks. The world itself is rapidly changing and evolving. 

As humans, we are always looking for ways to make things simpler. And we keep introducing new tools. For example, blockchain technologies, cryptocurrencies and, of course, artificial intelligence.

30 years ago, it could take a long time to send money to another country. Today, funds can be transferred almost instantly. But the money launderers are not far behind. They can also leverage these features and are simply adapting to the new reality.

For example, fraudsters are the real “artists” these days. And they take little or no time to come up with new ways to defraud people. So innovation brings risks as well as benefits. 

As criminals adapt, so do the “gatekeepers”. Such as financial institutions and other high-risk industries (e.g. casinos, estate agents). They do so by reviewing their existing controls. To make sure that they are still working as intended. And that there are no gaps for potential AML violations. 

As a result, it is impossible to completely eliminate the risk of anti money laundering and terrorist financing violations.

Potential for AML related fines

Back in 2011, the United Nations Office on Drugs and Crime (UNODC) published an important article. It is entitled “Estimating Illicit Financial Flows Resulting from Drug Trafficking and Other Transnational Organised Crimes“. It states that the estimated amount of money laundered annually was somewhere between 2% and 5% of the global GDP. Or between USD 320 billion and USD 800 billion (at that time).

While the figures seem huge, let’s fast forward to 2022 (as the figures for 2023 are not yet available). 

According to the World Bank, the global GDP in 2022 will be USD 101 trillion. Let’s apply the same ranges between 2% and 5%. So we are looking at numbers between USD 2.02 trillion and USD 5.05 trillion. That is more than six times higher than in 2011. 

There is a lot more money at stake. This is where the regulators come in with the AML fines and sanctions for identified AML violations. 

Biggest AML penalties before 2023 (the context)

HSBC AML fine

Some of you may recall that in 2012, regulators hit HSBC Bank with what was then a record fine of $1.9 billion. It was for failing to implement anti-money laundering controls and deliberately flouting US sanctions.

In short, they knew that their client portfolio included Mexican cartels. And that they were moving money for countries like Iran and North Korea. While the amount seemed huge, if you dig deeper you can see that in reality it didn’t hurt HSBC. Because they made a profit of $16 billion in 2012. 

This means that it took them 1.5 months to make the money back. One of the considerations was that HSBC is one of a small group of global systemically important banks. And therefore higher AML penalties could lead to another financial crisis. 

However, the indirect message was that liquidity comes before compliance. While the US sanctions were deliberately flouted, no one was held personally accountable. It seems that the risk/reward ratio was quite attractive. 

Danske Bank AML violations

Prehistory

A series of articles spreads the news that Danske Bank has been involved in a money laundering scandal, prompting an internal investigation. After the investigation was completed, CEO Thomas Borgen leaked the results to the media and resigned under pressure. 

It was confirmed that between 2007 and 2015, more than €200 billion in funds from opaque sources, including Russia and former Soviet states, flowed through the Estonian branch’s non-resident portfolio. 

This led to several other regulatory investigations in different countries (e.g. Denmark, Estonia, the United States, etc.). What was the outcome? 

The bank was kicked out of Estonia. Its reputation suffered as it awaited for the results of the investigations. And some of its former employees were imprisoned. 

Consequences

Many years later (in December 2022), Danske Bank agreed to pay around USD 2 billion. Just to settle a wide-ranging investigation into its anti money laundering violations. 

One of the things that Danske Bank did really well during this period was to communicate with the media. They quickly admitted the findings and created distance from the event. They emphasized that they had resolved these issues. And that they were no longer the same bank as in the 2007-2015 period. 

On the other hand, we had Birgitte Bonnesen, who was fired as CEO of Swedbank when she “repeatedly spread misleading information” that the bank had no problems with its anti-money laundering processes in Estonia (spoiler alert: they did have problems). You can be sure that Danske Bank now looks at the ‘risk/reward’ ratio from a completely different perspective than it did 10 years ago.

1MDB AML fine

One of the most honorable mentions is the 1Malaysia Development Berhad (1MDB) scandal, where the fund has been systematically embezzled since 2009, with the perpetrators siphoning off assets around the world. 

The then prime minister, Najib Razak, diverted some US$700 million from 1MDB into his personal bank accounts. 

The alleged mastermind of the scheme, Jho Low, was central to the international movement of funds through shell companies and offshore bank accounts. 

At the heart of the scheme was the American investment bank Goldman Sachs. Bank reportedly received fees of up to USD 300 million for the deal. 

Nevertheless, Goldman Sachs was charged under the Foreign Corrupt Practices Act and agreed to pay over USD 2.9 billion in a settlement with the US Department of Justice (DOJ). Others have also been charged, and recently the former head of Goldman Sachs in Malaysia was jailed for 10 years in connection with the scandal. 

AML fines in 2023: the year of diversity

As mentioned above, regulators have consistently fined the banking sector the most for lack of compliance controls.

However, 2023 could be a turning point as Designated Non-Financial Businesses and Professions (DNFBPs) start to receive more attention from regulators around the world. 

As you can see from the table below, the banking sector accounted for 2 of the top 5 largest AML fines. We delve into more detail below on the top 3 AML violations.

Top AML fines in 2023

Size of the AML fineName of the institutionSectorReason
USD 4.3 billionBinanceCryptocurrency exchangeInvolvement in money laundering, unlicensed money transmission, sanctions violations
$450mCrown ResortsCasinoAML breaches and failure to assess money laundering and terrorist financing risks in Melbourne and Perth casinos
$186mDeutsche BankBankingInsufficient AML controls and programs, risk and data management issues
$50mBank of QueenslandBankingViolation of the judicious standards and disregard of AML laws
£19.2mWilliam HillBetting/Online casinoFailure to implement social responsibility and anti-money laundering procedures

#1 – Binance 

Binance is one of the largest cryptocurrency exchanges in the world. And won the gold medal for the largest AML penalty in 2023. 

The company and its CEO Changpeng Zhao (or CZ) pleaded guilty and agreed to pay a $4.3 billion fine. This was paid for willful violations of anti-money laundering and sanctions laws. According to media reports, they allowed money to flow through their platform to terrorists, cybercriminals and child predators.

It has been reported that the company failed to register as a money transmitter. Company also did not implement comprehensive know-your-customer (KYC) protocols or systematically monitor transactions. And Binance never filed a suspicious activity report (SAR) with FinCEN (the FIU), reports said.

Regarding to the media, it turned a blind eye to its legal obligations in the pursuit of profit (knowing it was breaking the law), which is why the regulator did not hold back on the size of the fine. News like this cannot go unnoticed, so other regulators are starting to look at your business. 

Recently, the Financial Transactions and Reports Analysis Centre of Canada announced that it had fined the company $4.38 million for violating money laundering and terrorist financing laws and failing to register (sound familiar?).

Looking at the company’s data, it is stated that the company made a profit of around USD 900m in 2020. However, there is no information on their profits since then. This raises some questions and makes it difficult to assess the impact of the USD 4.3 billion AML penalty on the company. Additionally, authorities recently sentenced CEO CZ to four months in prison. This was after pleading guilty to violating US money laundering laws, which seems extremely generous. On a more positive note, Binance stated that it invested $213 million in its compliance programme in 2023 (+35% increase). 

#2 – Crown Resorts

Authorities consider casinos a higher risk industry worldwide. They categorize them as DNFBPs, subjecting them to AML/CFT laws.

Crown Resorts admitted that its AML/CTF programs weren’t based on appropriate risk assessments. And didn’t have adequate systems and controls to manage the risks. And weren’t subject to adequate oversight by its boards and senior management. 

The company continued to do business with a major casino junket operator until 2021. Did that despite being aware of allegations that the operator was linked to organized crime, failed to adequately monitor billions of dollars of transactions and failed to report suspicious activity to AUSTRAC and law enforcement agencies. 

The $450 million fine for AML violations is one of the largest ever imposed on a casino worldwide. And the third largest corporate fine in Australia. 

One of the most interesting parts was that the company had to be sold to Blackstone Inc (possibly due to a lack of proper governance that did not go unnoticed by AUSTRAC). 

#3 – Deutsche Bank

Prehistory

Although Deutsche Bank did not receive the largest AML fine in 2023, it deserves closer attention. It is like several of the companies mentioned above, which could end up being the next biggest compliance-related scandal (at least at the EU level). We will expain why.

The US Federal Reserve slapped the German lender with a $186 million AML penalty. It was for failing to address “unsafe and unsound practices” that it promised to address back in 2015 (almost 10 years ago, when it ended its relationship with Danske Bank!).

The US regulator said that while “some progress” had been made recently, Deutsche Bank’s US operations “remained exposed to heightened compliance risk… including the risk of failing to detect money laundering activities or violations of US sanctions”. What’s more, the Fed found that Deutsche Bank had not made sufficient progress since 2018 in strengthening its anti-money laundering controls, improving customer due diligence and ensuring sanctions compliance, among other things.

The Fed had already fined the bank a total of $99 million in 2015 and 2017 for the same issues. In short, they didn’t care about improving their AML controls until the regulator came knocking every few years. This should be seen as unfair to other market participants, as much smaller organizations are required to address the issues in a much shorter timeframe. 

Systemically important

This situation shows that even after being fined for AML violations, banks are unwilling to change or prioritize compliance because they have had more than enough time. And why should they? According to their 2023 annual report, they made a profit of €4.9 billion after tax. This means that it takes Deutsche Bank 0.5 months to earn back the money for such fines. So they may even have a better ‘risk/reward’ ratio than HSBC did in 2012. 

Regulators have also designated Deutsche Bank (like HSBC) as a global systemically important bank. So they may have a ‘too big to fail’ mentality built into their risk appetite. As a result, they contributed to the 2008 financial crisis. They are not concerned about dealing with sanctioned countries such as Russia, even after being implicated in the mirror trading scandal in 2016. As of this writing, they continue to operate in Russia and support the war machine through taxes.

In November 2023, Germany’s financial watchdog (BaFin) threatened Deutsche Bank with a fine if it failed to take action on money laundering and terrorist financing controls. If it fails, Bafin should take into account all of the above and consider a significant fine that would move the bank away from the ‘legal-for-a-fine’ mentality. This could also help Bafin rebuild it’s reputation after the Wirecard scandal or be a good start for the AMLA.

False information

Deutsche Bank said it has “invested significantly in controls” since 2019, increasing the size of its global anti-financial crime team by more than 25% to more than 2,000 employees. But it’s not just the size of the team. Because you can increase the number of KYC analysts, but if the process is bad, you can’t expect things to change. There is also a lack of commitment in terms of whether these people are senior enough to make some changes. And whether they have the necessary skills to fix the problems. 

In March 2024, Bafin fined Deutsche Bank €50,000 for providing false information about a serious customer-related IT security incident in its payment services in 2023.

Conclusions and AMLYZE approach

Playing by the rules and complying with the law is a must in today’s world. Especially for those who don’t want to put the brakes on AML violations. 

If some companies tend to put profits before compliance, then the regulator needs to step in. To ensure that these companies do not illegally gain a competitive advantage. And if they do, they should be punished accordingly so that this is reflected in their actions.

At AMLYZE, we always say that investment in AML/CFT and compliance will always pay greater dividends than in AML penalties.

Failure to comply with AML regulations is not just a question of what sanctions and AML fines you will receive and have to pay to the regulator. It is also about how much you are willing to risk your reputation. Trust is often the key to success in the financial world. And indifference to AML/CFT regulations can lead to huge, if not colossal, losses.

That is why we invite you to take a closer look at our core products: Transaction monitoring, Customer Risk Assessment, AML Investigations and Screening.

About the author

Mažvydas Miliauskas
Author
Mažvydas Miliauskas, CAMS
Mažvydas is AMLYZE contributing author. CAMS certified high achiever who is passionate about financial crime compliance, ML/TF typologies and enterprise risk management.

Related

What is AML
Blog

What is Money Laundering? A Quick Explanation

Explanation of money laundering and history of it, the most common techniques used and the impact it has on the economy.
by Mažvydas Miliauskas, CAMS
11 min read