What else could I blog about today but the seemingly daily fines on financial institutions for AML failings? Here’s what has happened (you can see the links to all of these stories on the Newsroom page of my website):
- 22 May: Citicorp agrees to pay US authorities US$97.4 million [about £75.7 million] in settlement of an AML enquiry into the activities of its unit that dealt with Mexican remittances
- 30 May: the Monetary Authority of Singapore fines Credit Suisse and United Overseas Bank a total of S$1.6 million [about £900,000] for AML failings around the 1MDB theft, while the US authorities fine Deutsche Bank US$41 million [about £32 million] for AML failings, AND the Irish authorities fine Bank of Ireland 3.15 million euros [about £2.75 million] for – you guessed it – AML failings
- 2 June: the French authorities fine BNP Paribas 10 million euros [about £8.7 million] for (all together now) AML failings
Now either these regulators are planning maHOOsive summer picnics, or there is something going on. Looking at the detail of the findings (and there’s not much visible to the outsider), common themes are: weaknesses in conducting initial CDD; insufficient monitoring of potentially suspicious transactions; and failing to make timely SARs. The general picture seems to be that the institutions became so focused on profitable/critical business that they failed to spot atypical transactions and activity and – if they do spot it – they fail to report their concerns to the authorities.
As we gird our loins to deal with the obligations of MLD4 (only nineteen days away now) before taking a breath and starting to consider the even-more-complex potential of MLD5, it is worrying to read that so many institutions – large, important, established, international institutions – are still struggling with the absolute basics: keep an eye on your clients and react if they do something odd.