Sanctioned Individuals, fraudsters, and terrorists regularly attempt to take advantage of entities with weak KYC measures to freely transact and launder potentially illegally derived funds.
Regulated entities are required to take appropriate AML measures to prevent criminals from abusing their products of services, starting from basic KYC which will enable them to mitigate the risks associated with a business relationship.
KYC, means Know-Your-Customer. It is an absolute requirement for all entities subject to anti-money laundering (AML) laws. It is not a checkbox exercise. Regulated entities must understand their customer and their business activities.
Failure to comply with KYC requirements can result in heavy penalties, sanctions, and in some cases, significant reputational damage. Such trouble could even threaten the viability of a business.
What we can learn from penalties for KYC failures in 2022
2022 has been another year with hefty fines imposed on regulated entities. So, let’s see what we can learn from these:
Danske Bank Estonia
In December 2022, Danske Bank pleaded guilty to defrauding US banks and agreed to pay a $2bn penalty to resolve one of the biggest money-laundering scandals in recent years.
Danske’s Estonia branch allowed non-resident customers, including Russian customers, between 2008 and 2016 to transfer large sums of money “with little, if any, oversight” on the customers and their transactions. These practices gave “high-risk customers” access to the US financial system.
The Estonian branch of Danske Bank, from 2007 to 2015 processed $160bn through US institutions on behalf of high risk clients and conspired with these clients to conceal the actual nature of the transactions, often via shell companies.
Lessons learned: Inadequate KYC measures, willful blindness, and corruption can expose a financial institution to significant risks, including financial and reputational damages.
Santander UK Plc
One of the most significant fines in 2022 was imposed in the UK by the Financial Conduct Authority (FCA) on Santander UK Plc in December 2022.
FCA imposed Santander UK a penalty of £108 Million. As per the announcement, between 31 December 2012 and 18 October 2017, the bank did not take reasonable care to organize and control its affairs responsibly and effectively and did not establish and maintain an effective risk-based anti-money laundering (“AML”) control framework.
In one highlight example, a business banking customer opened an account with Santander based on providing translation services with a declared estimated monthly account turnover of £5,000.
As it turned out, that customer had misrepresented the true nature of its business and appeared to operate a money service business, receiving and making payments on behalf of its customers.
Large amounts of funds started flowing through the account, although numerous red flags and warnings were raised. By the time it was closed, 3.5 years had passed, and approximately £269 million had passed through it.
According to the FCA, Santander UK failed to take reasonable care to organize and control its affairs responsibly and effectively, with adequate risk management systems.
Lessons learned: KYC and Customer Due Diligence (CDD) are essential when onboarding customers, but they should be considered an ongoing process. Transaction monitoring is a crucial element of CDD. Entities are required to regularly compare the economic profile of the client with the actual account activity.
Ghana International Bank Plc
In June 2022, the FCA fined Ghana International Bank Plc (GIB) £5,829,900 for poor anti-money laundering and counter-terrorist financing controls over its correspondent banking activities offered between 1 January 2012 and 31 December 2016.
GIB failed to demonstrate that it had assessed the respondent banks’ anti-money laundering controls. GIB also was unable to undertake annual reviews of the information of the respondent banks, failed to provide adequate training to its staff on how to scrutinize transactions appropriately, and did not establish appropriate policies and procedures.
Although the regulators detected no evidence of actual money laundering, the risk of money laundering due to these deficient systems was significant.
An FCA official stated that “firms are gatekeepers of the financial system and have vital obligations to ensure they are not used to facilitate or perpetrate financial crime. These failings meant that GIB could not identify and assess the risks posed by its correspondent bank customers and properly scrutinize transactions worth £9.5 billion processed on their behalf during the relevant period.”
Lessons learned: Banks offering correspondent services must conduct due diligence on the respondent banks, implement appropriate policies and procedures and provide training to its staff on how to prevent and detect money laundering.
Although these financial institutions were penalized for “old sins,” those mistakes cost them. Therefore, banks should improve their systems to prevent future KYC failures.