Global fines for failing to prevent money laundering and other financial crime rose by more than 50% in 2022, according to regtech company Comply Advantage, including over $8bn for anti-money laundering (AML)-related breaches. While trading and brokerage firms were on the receiving end of around 75% of the fines, banks made up a large part of the rest — attracting more than $2bn in fines.
Danske Bank alone received a $2bn fine from the US Department of Justice in December 2022 for defrauding US banks with regard to Danske Bank Estonia’s customers and AML controls. According to reports, the money laundering scheme was uncovered in 2013; however, the bank missed opportunities to address these problems and did not publicly disclose the full extent of the wrongdoing until 2018.
The bank was slow to respond, for which the regulators meted out a crippling fine. Penalties are imposed not only for compliance breaches, but because institutions fail to fix the underlying problems.
Danske Bank is not alone when it comes to large fines, nor in failing to address weaknesses in its AML procedures sufficiently quickly or effectively, despite running large internal projects designed to do so.
Why do financial crime and regulatory change projects go wrong? Specialist consultancy Beyond FS’s whitepaper, ‘Fine Prevention: Why financial crime and regulatory programmes fail and how to fix them’, looks at the reasons behind such failures and offers some guidance in avoiding the pitfalls.
Many are the same in all large change management programmes, such as underestimating the scale of the programme, failure to break it down into clear steps, failure to obtain the necessary budget and resources, and poor project governance.
However, other reasons are unique to financial crime and regulatory remediation programmes, including: compliance and audit teams disconnected from the operational reality; data and reporting failing to uncover the real problems; and an inadequate closure process that fails to satisfy the regulator’s requirements.
Plus, these projects often start reactively (something bad has happened and the bank needs to respond quickly and show it is tackling the situation), are complex (touches multiple areas across the organisation) and are considered ‘zero-fail’. They are also mandatory, often require culture change, are carried out under high pressure and have to stand up to the regulator.
The Beyond FS whitepaper outlines best practice in how to plan, manage and deliver a critical regulatory programme, including several case studies.
For example, it advocates establishing a design authority, or a cross-functional committee of experts representing the main functions impacted by the programme, at the start to guide the delivery teams. In addition, creating a programme management office to manage the programme methodology, governance, controls, and accurate reporting for the whole programme will enable sponsors and leaders to manage and deliver the plan successfully.
According to the report, one of the biggest challenges in remediation programmes is obtaining, managing and reporting on data. Therefore, understanding progress against milestones is crucial. “The key is to systematise reporting and make it accessible through dashboards, so people can extract information quickly and easily, and drill down into it when needed,” says Beyond FS.
Importantly, one of the recommendations is to use consultants in the right way. The report says: “Don’t spend large amounts turning them into experts in your business, only to lose their knowledge when they go. They are likely to have skills that are not available in your in-house team. Make sure that they are well integrated so that they leave your team better trained and empowered to take on greater responsibilities when the next big project comes around.”
When it comes to programme closure, rigorous documentation and sign-offs are vital, according to the whitepaper, because the governance process is materially different from a regular change project. Generally, the closure process takes place over several months and involves various closure committees meeting to review programme output and deliverables.
“The programme sponsor must review key closure documentation, check that what has been delivered meets the requirements set out by the regulator and be clear on any residual risks. The programme must assemble a body of evidence to support this view,” says the report.
According to Beyond FS, it is important to remember that a financial crime and regulatory change programme’s rate of progress could influence the share price of the bank and its reputation. As such, the board will need full confidence that the programme is being managed effectively and be willing to allocate the resource needed to get it over the line.
Joy Macknight is editor of The Banker. Follow her on X @joymacknight
Register to receive the Editor’s blog and in-depth coverage from the banking industry through the weekly e-newsletter.
