Global Financial Institution Fines for AML and Data Privacy Fall 47% in H1 2021

Volume and value of fines down 26% and 47% respectively in H1 2021 from 2020, as fallout from major scandals passes

London, Dublin, New York, Singapore – 19th August 2021: Fenergo, the leading provider of digital transformation, customer journey and client lifecycle management (CLM) solutions, today released its findings on global financial institution fines for the first six months of 2021. The report shows that for the year to date, penalties have totalled $937.7 million for non-compliance with Anti-Money Laundering (AML), Know your Customer (KYC) and data privacy regulations. The total volume of fines levied to financial institutions for these breaches was 85, a year-on-year drop of 26%. The average value of enforcement actions against financial institutions for AML-related compliance breaches is 40% lower than in 2020.

Notable findings of the H1 analysis:

  • Major action against a US-headquartered retail bank totalling $390 million for breaches of the Bank Secrecy Act between 2008 and 2014
  • In the first half of 2021, three fines amounting to $9.1 million were issued by the Office of Foreign Assets Control (OFAC) to a bank, a digital assets firm and a payment processing provider for sanctions violations related to Syria highlighting a more punitive response from the regulator compared to 2020 ($1.3m in total fines)
  • Global data privacy fines to financial institutions amounted to $7.6 million – with prominent action in Norway and Spain, including the largest fine ever issued by the Agencia Española de Protección de Datos (AEPD) at $7.3m
  • North America has issued the largest share of fines ($716 million) at an average value of $29.8m vs the average value of $4.9m in Europe
  • Six fines (UK, Malta, Dubai and Lithuania) totalling $14.3m related to gambling and gold trading were issued in H1 2021 – highlighting an increased focus on AML regulation and a widening of the net beyond financial services to fight money laundering
  • Approx. five individuals in the US, France and UAE were fined $8.3 million for their role in AML violations at financial institutions
  • Enforcement action ($79.7m) was taken against a leading Swiss wealth management firm for its involvement in channelling the proceeds of bribery associated with FIFA and broadcasting rights for major football tournaments from 2013-15
In recent years, the enforcement actions levied against financial institutions have been at record highs as a number of major scandals were investigated and concluded by regulators. This year we’re seeing something markedly different, with the total value of fines issued at the halfway point of the year much lower than last year. That’s not to say we won’t see the full year totals reach their typical levels with conclusions due across several significant AML cases. We continue to see enforcement action driven, at least in part, by recent FATF activity as countries facing scrutiny clampdown on perceived weaknesses in their regulatory regimes. We’re also seeing the continuation of the trend in fines aimed at non-financial firms such as gambling companies as regulators look to close the net on criminals.

It’s important to note too that while the volume and the value of enforcement actions may be down on previous years, that doesn’t mean there is less financial crime occurring. The scale of fraud that took place during the pandemic, particularly in the US, will prompt investigations into financial institutions for facilitating the crimes due to ineffective systems and controls. This will lead to enforcement actions further down the line.”

Countries that issued the most fines by value:

  • USA  $711,206,765
  • Switzerland  $85,210,112
  • Norway  $48,339,685
  • UK  $32,954,630
  • UAE  $12,895,393
Fines to gambling firms and other non-financial services providers were not included in the overall total
 

There was also a significant uptick in data privacy fines to financial institutions this year. GDPR related fines totalled $7.6 million – not far off the full year fine value of $8.2 million for 2020 – with European countries including Norway and Spain taking robust action for breaches of customer data privacy. The most significant fine levied for data privacy was to a major Spanish bank for unlawfully processing clients’ personal data and not providing sufficient information regarding the processing of personal data. This $7,293,079 action levied by the Spanish data protection authority, AEPD, is the largest fine it has ever issued.

Financial crime today is ever-evolving and as an industry it is critical that we establish a common best practice approach and replace onerous manual KYC and AML risk assessment and compliance processes with technology and tools that enable financial institutions, authorities and non-financial firms to collaborate and better detect and prevent financial crime. This will also equip firms with the capabilities to identify potential risks posed by politically exposed persons (PEPs) and known close associates amid growing geopolitical turmoil. The goal is to create an environment where illicit activity is not commercially viable.”

Notes: All monetary amounts mentioned in this press release is expressed in US dollars.