APAC has overtaken the US in terms of the value of enforcement actions for the first time since 2015, largely due to the Goldman and Westpac cases.
Penalties for non-compliance with AML, KYC, data privacy and MiFID regulations have totalled USD 10.4 billion this year, Fenergo says in its annual stocktake of global fines against financial institutions.
A total 198 fines were levied on financial institutions for these breaches, representing a year-on-year increase of 141%. The average value of enforcement actions against financial institutions for AML related compliance breaches was 44% lower than in 2019.
This year included a landmark penalty against Goldman Sachs, totalling USD 6.8 billion between multiple regulators, for its involvement in the 1MBD scandal. The combined penalties represent the second biggest enforcement action imposed against one bank since 2015.
Another landmark case involved a major Australian bank (Westpac), which was fined almost USD 1 billion for money laundering breaches that were linked to serious crimes.
This year only one significant sanctions fine was issued, by the OFSI (Office of Financial Sanctions Implementation) to a UK bank (Standard Chartered) for violating Russian sanctions. The USD 25.4 million fine was the largest ever imposed by the OFSI.
In 2019, nine fines amounting to USD 2.4 billion were issued by US regulators to foreign banks (UK and Italy) for sanctions violations.
The report also found that during the year, 203 individuals were fined USD 88.8 million for AML and MIFID breaches in US, Europe and China, while global data privacy fines amounted to USD 88.6 million.
Fenergo Global Director of Financial Crime Rachel Woolley highlights two notable shifts this year.
“APAC has overtaken the US in terms of the value of enforcement actions for the first time since 2015 – driven by recent FATF [Financial Action Task Force] activity and the repercussions of the 1MDB scandal,” she said.
“And there has been an increased focus on individuals being penalised than we have seen in previous years.”
APAC regulators – particularly Malaysia’s SC (Securities Commission) and AUSTRAC – were among those handing out the biggest enforcement actions to banks (Goldman & Westpac), Fenergo said.
However, the US Department of Justice was also more punitive this year, issuing enforcement actions totalling USD 1.9 billion to Goldman Sachs, Bank Hapoalim and Union Bancaire Privée.
Collectively, financial institutions headquartered in the US received the highest value of fines, accounting for about USD 7.5 billion, though the fines levied towards Goldman accounted for 91% of the US total.
The report also points to a significant rise in the number of data privacy fines this year. GDPR fines were comparable to 2019 at around USD 1.7 million, while the number of data privacy fines issued in APAC increased significantly – including a fine worth USD 529,027 in India and seven fines totalling USD 6.3 million in China.
The OCC (Office of the Comptroller of the Currency) issued the most significant fine for data privacy this year, ordering Capital One to pay USD 80 million for its 2019 cloud data breach.
For more on Fenergo’s findings, visit financialinstitutionsfines.com.