The biggest AML fines in 2023

In 2023, the rising complexity of financial crime led regulators to increase the penalties imposed on financial institutions (FIs) for insufficient anti-money laundering (AML) controls. As a result, the top penalties for non-compliance almost doubled in value. In this article, we examine some of the highest fines imposed for AML violations in 2023 and analyze the type and nature of the breaches that resulted in the heaviest penalties. The fact that these fines were imposed on FIs from various sectors and regions highlights the importance of complying with regulatory requirements and the need for improved compliance technology to ensure better adherence to these requirements.

AML fines in 2023

While fines are typically issued several years after AML failings occur, the top AML fines incurred in 2023 occurred across the following sectors:

1. Cryptocurrency – $5.8 billion+ in fines
2. Banking – $835 million+ in fines
3. Gambling – $475 million+ in fines
4. Trading and brokerage – $194 million+ in fines

Cryptocurrency – $5.8 billion+ in fines

In 2022, the cryptocurrency industry was ranked fourth in our review of AML fines, with $30 million in financial penalties. However, in 2023, the industry jumped to the top spot, with crypto companies fined over $5.8 billion for inadequate AML programs. According to a Financial Times analysis, this total results from 11 fines, compared to an average of less than two per year over the last five years.

AML compliance failures that led to these fines included:

• Violating the Bank Secrecy Act (BSA).
• Security shortcomings.
• Not registering as a money-transmitting business.
• Not conducting customer checks.
• Failing to uphold sanctions.
• Violating the International Emergency Economic Powers Act (IEEPA).

Banking – $835 million+ in fines

Although there was a significant decrease in AML penalties in the banking sector in 2023 compared to the previous year, some institutions faced substantial fines. Many of these fines resulted from years-long investigations that revealed institutions failing to make considerable progress in areas they had pledged to address multiple years prior. For example, one multinational bank was fined $186 million by the US Federal Reserve for persistent weaknesses in its controls on sanctions compliance and transaction monitoring. This is despite being fined $99 million a few years prior for the same issues. 

Similarly, the Financial Conduct Authority (FCA) discovered that a bank continued using inadequate AML systems, even though the regulator had raised concerns about them previously. The bank failed to make effective changes, allowing money to pass through the firm without appropriate checks. The bank also neglected to properly check its customers’ source of wealth (SoW) and source of funds (SoF), allowing the money to be used within the UK without proper scrutiny. 

Gambling – $475 million+ in fines

For the second year in a row, the Australian Transaction Reports and Analysis Centre (AUSTRAC) issued a substantial fine to an entertainment group for repeatedly violating the country’s Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CFT Act). Specifically, the company did not have a transaction monitoring program in place that was appropriate for the size and complexity of the organization. Additionally, its enhanced due diligence (EDD) program was found to lack appropriate procedures to ensure higher-risk customers were subjected to extra scrutiny.

Insufficient EDD programs were also key to many of the fines issued by the UK Gambling Commission. In one case, a customer was able to spend over £36,000 before any EDD checks were conducted. Inadequate SoF and SoW checks were also repeatedly noted, leading to another customer depositing £71,000 and losing over £70,000 without the operator having knowledge of the customer’s SoF or SoW. 

Additional failings by gambling companies identified by regulators in 2023 included:

• Accepting bets before being licensed.
• Violating advertising regulations or engaging in inducement practices.
• Accepting wagers that are prohibited by law.
• Offering bonuses that violate local gaming laws.
• Failing to prevent excessive spending and imposing account limits.

Trading and brokerage – $194 million+ in fines

In 2023, the Financial Industry Regulatory Authority (FINRA) issued three times the amount of fines compared to the previous year as the regulator upped its focus on non-compliance with Regulation Best Interest (Reg BI), which requires companies to prioritize customer interests ahead of their own. In one case, a former securities broker was fined by FINRA for engaging in unsuitable trading where they had de facto control. The trading resulted in high turnover rates and cost-to-equity ratios that were well above the traditional guideposts of six percent and 20 percent. As a result, multiple customers incurred significant losses, including one account losing $80,072.

In another instance, an investment banking firm was fined by the FCA for AML failings related to cum-ex trading. Despite red flags during the onboarding process, the firm ignored financial crime risks when executing trades on behalf of 11 clients, which resulted in a loss of over €22 million for one client. However, in this case, and many of the other penalties issued by the FCA, the firm did not dispute the regulator’s findings, making them eligible for a 30 percent reduction under the FCA’s settlement discount scheme.

AML violations with the biggest penalties

In light of the examples listed above, the AML violations that received the biggest penalties included:

• Lack of proper CDD/EDD measures: Many of the penalties relating to inadequate due diligence checks manifested as incomplete or insufficient verification of customer identities, failure to assess the nature of business relationships, or overlooking the ongoing monitoring of customer transactions.
• Failing to uphold sanctions: A key underlying factor that led to a large majority of penalties relating to sanctions noncompliance related to outdated systems that did not reflect current sanctions lists. 
• Not submitting suspicious activity reports (SARs): In addition to overlooking unusual or suspicious transactions, this common type of non-compliance also manifested in failing to train staff adequately on recognizing and reporting potential financial crimes. 

The State of Financial Crime 2024

Unpack the results of our global survey on what senior compliance decision-makers believe will shape 2024.

Download now

Recent and upcoming regulations to be aware of

In last year’s top AML fines blogs, we shared a concerning statistic that more firms are choosing to incur AML fines and make violations “all the time.” While the reasons behind why firms are becoming increasingly desensitized to fines are complex, keeping up with recent and upcoming changes to global AML regulations remains key to the overall stability of the financial system.

Our State of Financial Crime 2024 report explores these regulatory developments and their impact at length, a summary of which can be found below.

Key changes in AML regulations in 2023

• Hong Kong: In February 2023, the Hong Kong Monetary Authority (HKMA) published revised guidance relating to transaction monitoring, screening, and suspicious transaction reporting. The guidance underscored the regulator’s aim for authorized institutions to adopt a system that generates targeted alerts to deliver more actionable insights.
• United Kingdom: The UK’s Economic Crime and Corporate Transparency Act (ECCTA) was introduced in 2023 to combat illicit finance. The act included reforms such as a new failure to prevent fraud offense, a beneficial ownership registry, improved transparency, and enhanced intelligence-gathering powers for law enforcement. De-banking also became a significant regulatory obstacle in the UK after allegations of unfair treatment.
• United States: Preparing for the requirements set out in the Corporate Transparency Act (CTA) was – and continues to be – a major focus area for financial institutions (FIs) operating within the US. A key change that was introduced via this act was the requirement for firms to submit beneficial ownership information (BOI) to the Financial Crimes Enforcement Network (FinCEN). 

AML regulations in 2024

• Markets in Crypto-asset (MiCA) regulation: New regulations for stablecoin issuers in the EU will take effect in mid-2024, under the MiCA regulation. Other countries such as Hong Kong, Singapore, and the UK are also working on similar legislation. These regulations will increase scrutiny and require issuers to hold sufficient reserves, protect holders, and safeguard assets. The improved regulatory framework will promote transparency and accountability and boost institutional investor confidence.
• The Corporate Transparency Act (CTA): In the past, businesses in the United States were not required to publicly disclose or maintain a record of their shareholders or ultimate beneficial owners (UBOs). This lack of transparency allowed anonymous shareholders to control businesses and create shell companies to disguise and move illicit funds. To prevent this kind of activity, Congress passed federal legislation to collect beneficial ownership information (BOI) for entities formed under US state laws. This legislation, known as the Corporate Transparency Act, was passed in January 2021 and took effect on January 1, 2024.
• The European Union’s New AML Package: 2023 marked a big step toward the full implementation of the EU’s new AML package, consisting of (1) a new AML regulation (AMLR), (2) the 6th Anti-Money Laundering Directive, (3) a regulation establishing a European Anti-Money Laundering Authority (AMLA) and (4) an update to the Wire Transfer Regulation (TFR). The TFR was fully agreed upon in May 2023, bringing crypto-asset service providers (CASPs) within the regulatory framework and requiring them to collect and share originator and beneficiary information (the ‘Travel Rule’). Further steps toward full implementation will be made in 2024.
• The Economic Crime and Corporate Transparency Act 2023 (ECCT Act): The ECCT Act has been introduced to combat economic crime and promote transparency in corporate entities. One of the key features of this act is the reform of the UK companies registry, Companies House. The ECCT Act also includes provisions to hold organizations accountable if they profit from fraud committed by their employees, through the creation of a new failure to prevent fraud offense. Additionally, it reforms the corporate criminal liability laws for economic crimes, making corporations liable for their own economic crimes. The implementation of the provisions in the ECCT Act will be in stages since many of them will require systems development and secondary legislation before they can be implemented. However, as of January 2024, the Companies House Registrar has confirmed that initial changes will be introduced from March 2024.
• The FCA’s review of PEPs: In July 2023, the UK government asked the FCA to review its guidance on risk management for PEPs. In September 2023, the FCA announced it would examine how firms apply the definition of PEPs, conduct risk assessments, implement EDD and ongoing monitoring procedures, decide on account closures, communicate with customers, and review PEP controls. Although not a confirmation of new or updated PEP regulations, corrective measures may be taken based on the FCA’s findings – which will be presented by June 30, 2024.

How to avoid AML fines in 2024

Iain Armstrong, a Regulatory Affairs Specialist at ComplyAdvantage, believes that compliance officers need to prioritize good outcomes by emphasizing the human cost of financial crime over the financial cost. Firms should also not ignore the long-term reputational effects of widely-publicized fines and enforcement actions.

To mitigate potential AML fines in 2024, firms should:

• Improve customer screening measures to automate onboarding processes and exceed regulatory requirements.
• Access real-time global coverage with robust watchlists and sanctions screening software.
• Implement a transaction monitoring solution that screens in real-time and can be configured based on different risk appetites for various business flows.
• Provide adequate training to compliance staff on AML requirements, including reporting obligations, conducting sufficient SoF and SoW checks, and sanctions/asset-freezing measures.