If you have a couple of hundred million to throw around on money laundering fines then feel free to skip the below. If not, you may want to read on.
With legislators around the world tightening their anti-money laundering (AML) rules and regulators stepping up enforcement actions, penalties for AML shortcomings are hardly a rarity these days. But the $186 million fine the US Federal Reserve slapped on Deutsche Bank and its US affiliates in July offers a salutary lesson. For it demonstrates regulators’ determination not just to punish financial institutions’ AML deficiencies, but to keep on punishing them until they are righted.
Cost of failing to address lax AML controls
The fine stems from Deutsche Bank’s failure to sufficiently address unsafe and unsound AML control and sanctions compliance practices previously flagged by the Fed.
“The Board found that Deutsche Bank made insufficient remedial progress under the 2015 and 2017 consent orders and had deficient anti-money laundering internal controls and governance processes relating to its prior relationship with the Estonian branch of Danske Bank,” the central bank’s statement said. A “significant portion” of the $276 billion in transactions Deutsche cleared for Danske Bank were found to involve high-risk non-resident customers.
Ongoing weaknesses in the bank’s controls were reported in multiple areas, including its compliance oversight, customer due diligence, transaction data, transaction monitoring and filtering, and suspicious activity reporting. Unless Deutsche prioritises addressing these issues it faces additional and escalated penalties.
The Fed separately ordered Deutsche Bank to improve its risk and data management.
The US fine comes after BaFin, the German regulator, told Deutsche Bank last year to improve its AML and counterterrorism financing efforts or face fines.
AML doesn’t stop with client onboarding
Forensic customer due diligence during the initial client onboarding is clearly imperative – not least given the significant uptick in underlying beneficial owner (UBO) requirements introduced around the world. That puts the onus on systematic risk-based client profiling and source of funds/wealth checks, combined with advanced investor and beneficial owner screening.
But as the Fed action against Deutsche Bank and the Dubai Financial Services Authority’s fine of Mirabaud highlight, where financial institutions often come up short is with weaknesses in their ongoing transaction and client monitoring and reporting. Too often firms prioritise checking customers coming through the door, and devote insufficient attention and resources to what happens next. The software tools available to help often exhibit a similar bias.
Ongoing due diligence best practices
Institutions instead must get (and keep) their ongoing due diligence up to scratch throughout the client relationship to avoid a similar fate to the likes of Deutsche. That requires some key capabilities.
Regular account refreshes prompt firms to review each client’s risk profile and ensure all documents and data remain current. Ongoing sanctions and politically exposed persons screening checks for any change in client status – such as an address update or revised bank instruction – and spurs teams to take appropriate action. Automating the screening process frees staff to manage any flagged incidents by exception.
Monitoring for suspicious transactions and behaviours is particularly critical to an effective AML framework – and is an area we see many financial institutions fall down. With real-time activity checks, firms are able to spot AML risks as they happen. Automated alerts flag issues and allow accounts or transactions to be blocked when a suspicious event occurs. Potential issues can then be dealt with before they turn into an actual breach.
And these due diligence capabilities need to be multi-jurisdictional. AML/KYC requirements vary from country to country and over time. Keeping track of the latest guidance and ensuring compliance with each country’s laws – especially for international institutions operating in multiple territories – is challenging. But any mistakes or oversights can leave firms painfully exposed.
Automating these processes wherever possible is the only solution. Effective compliance demands real-time visibility and control at every stage of the client and transaction lifecycle. The volumes of customers and documentation are too great, the criminal networks too sophisticated, and the cross-jurisdictional regulations that financial institutions must meet too diverse and exacting to rely on manual effort.
ABOUT DEEP POOL
At Deep Pool, we are dedicated to helping clients maximise their success. Deep Pool provides the industry-leading compliance software and deep consulting expertise financial institutions need to automate their end-to-end AML/KYC and FATCA/CRS reporting processes. Our team combines compliance experts, business analysts and software engineers to create a unique blend of industry know-how and experience, producing efficiencies, scalability and client servicing benefits that transform users’ businesses.
KURE, our flexible AML/KYC and FATCA/CRS reporting solution suite, supports all types of regulated financial firms, including banks, asset managers and service providers. Deep Pool is headquartered in Dublin, Ireland, with offices in the United States, the Cayman Islands and Slovakia. For more information, visit: www.deep-pool.com.