Banks in Asia received a record number of regulatory fines in 2020. What’s behind the rise and do these penalties work? 

HK

The year 2020 has been a memorable one in Asia, but for all the wrong reasons. With the lingering US-China trade war knocked out of the headlines by the emergence of the Covid-19 pandemic, the region’s banks had enough to deal with without regulators coming to do their checks. 

But the regulators did come, and what they found did little to cheer up the sector. Instead, the region’s banks ended up receiving the highest amount of fines issued to date for a multitude of anti-money laundering (AML), combating the financing of terrorism (CFT) and know your customer (KYC) breaches — in some cases dating back several years. 

The rise in fines in some countries is sizeable. Rachel Woolley, global director of financial crime at regtech company Fenergo, says: “In the year to July 2020, we saw Hong Kong’s fines increase by 223%, while Pakistan’s increased by 845%, from $1.07m to $10.13m. Singapore had no fines issued last year, but this year has seen $794,000 imposed in enforcement actions.” 

In the year to July 2020, we saw Hong Kong’s fines increase by 223%

In total, the fines handed out across the region have amounted to approximately $4bn — a substantial chunk of the $10bn in enforcement actions seen globally. 

Is Asia behaving badly? 

This astonishing number has been seen thanks to a combination of factors. In particular, the actions of the Financial Action Taskforce (FATF) has had a considerable impact. 

Sihem Mouelhi, chief product officer at digital financial crime risk rating agency Elucidate, says it is part of a wider trend: “We are seeing a wave of enforcement actions being imposed globally. We saw the big regulatory penalties start to come out of the US a decade ago, which moved to the UK and European regulators. Now this is moving on to Asia.” 

In some cases, Asia is taking some of the impact from problems that have arisen in parent banks located in different regions. Shilpika Gautam, vice-president of strategic partnerships at Elucidate, explains: “If there’s an issue with a bank in the US, for example, it’s likely there is a problem with that bank in the UK and in Hong Kong. Once one regulator cracks down, the others are under pressure to follow and identify the activity that took place in their territory.” 

rachel woolley

Rachel Woolley, Fenergo

The fines reported are not being given out for trivial reasons. The region has seen the conclusion of one of the world’s largest AML cases in recent years — the 1Malaysia Development Berhad (1MDB) settlement in October 2020 — with the regulator agreeing a $2.5bn penalty with Goldman Sachs and the return of $1.4bn in assets. It came after the bank’s Malaysian subsidiary admitted it had paid $1.6bn in bribes to officials as part of the 1MDB scandal, which saw billions of dollars being looted from the state fund. 

But not all fines, regardless of size, garner the same level of impact in public, or stakeholder, perception. 

Ms Woolley says: “Some banks may be looking at fines as the cost of doing business, but there are some jurisdictions that are concerned about the negative attention they get from what the banks are being implicated in. When you see stories emerge that touch on issues like human trafficking, wildlife trafficking or organ trafficking, people have a much stronger reaction and the reputational damage is much greater. There is also the potential impact for shareholders.” 

In particular, Australia’s Westpac was slapped with a fine of A$1.3bn ($950m) in September 2020 — a record in the country — for compliance failings. The Australian Transaction Reports and Analysis Centre (Austrac) found the bank had failed to adequately report more than 19 million international transactions. Further analysis of the payments carried out by Austrac and local media found some of the payments were potentially linked to child exploitation in the Philippines. While the bank is paying a significant fine, Austrac has reported that the bank’s 23 million breaches of the AML/CFT Act could each have had a A$21m fine attached. Both the bank’s chairman and chief executive resigned due to the scandal. 

Widespread impact 

Asia’s fines have been spread out across the region, with China, Taiwan and India also seeing fines on top of those mentioned above. Several of these fines are coming as a result of the countries’ regulators taking a more active approach to cracking down on illicit activity. 

Sophie Lagouanelle, head of solutions at compliance and payments company Accuity, says: “Hong Kong is looking quite carefully at its controls. It is not enough to have the solution in place, but to ensure the monitoring of the system for a high degree of precision and control. Still, Hong Kong [Monetary Authority] fined JPMorgan at the end of 2018, pointing to three areas of failures. There were issues with the wire transfers, shortcomings with customer due diligence and gaps in procedures.” 

Other cases are coming to light as the regulators change how they assess breaches. “Singapore is an interesting case as it has a very innovative regulator,” Ms Lagouanelle adds. “They work closely with banks to foster compliance intelligence through technology, particularly around AML and KYC. What we’ve seen is they are not concerned if some controls are automated, as long as they can be explained, as in combination with manual processes there is actually a higher chance of effectiveness.” 

There have also been instances of regulators looking to get ahead of the curve. FATF undergoes a mutual evaluation process, conducting site visits to check that institutions are complying. This is monitored by assessing countries against the 40 FATF recommendations and 11 immediate outcomes to determine if the AML regime in place is up to scratch. Should a country miss this target, they will be issued with an action plan to get back on track, but this can come with a degree of reputational damage.

“This can result in other countries looking at that jurisdiction unfavourably,” explains Ms Woolley. “Pakistan, for example, has been subject to increased scrutiny in recent years and has implemented an action plan since 2018 to address strategic deficiencies. Notably, there has been a significant increase in the enforcement actions issued in 2020.” 

Banks should anticipate they are going to be challenged

Pakistan agreed to start complying with FATF in 2018, when it was placed on the grey list for failing to act on terrorist financing. The country has since been found to have made progress in 21 of the 27 actionable items. However, as the deadlines have now passed, FATF has urged Pakistan to meet the outstanding requirements by February 2021. 

FATF publishes its calendar for inspections far in advance. India, for example, should expect a visit in 2021, as its previous evaluation took place in June 2010 and its plenary discussion is outlined for February 2022. Elsewhere in the Asia-Pacific region, Laos, Nepal, the Marshall Islands and Brunei are all scheduled to have be inspected before the end of 2020. 

To avoid embarrassment, some countries are looking to make changes before FATF pays its visit. “Many regulators will engage with the financial institutions under their supervisory remit ahead of the FATF onsite visit in an effort to identify and remediate any gaps or concerns,” adds Ms Woolley. “The Financial Services Agency in Japan, for example, highlighted their approach to supervision ahead of the onsite that took place in 2019. The mutual evaluation report for Japan is expected in February 2021.” 

Technology logjam 

FATF evaluations, like many things, have been held up due to the Covid-19 pandemic. But this is not the only impact the global health crisis has had. Banks and regulators alike are now learning how to work remotely, while ensuring they are meeting a high standard of compliance. 

Ms Lagouanelle says this has brought a range of new challenges. “With the move this year to remote working, it is harder to keep on top of the regulatory pressure. One example is the onboarding of new customers, which will put greater pressures on the systems as the whole process is being done remotely,” she says. “The scrutiny of the regulators will not subside because of the pandemic.” 

Maria Robles, director and consulting expert at IT and business consulting firm, CGI, says: “We noticed a slower response time during Covid-19 as financial institutions implemented remote procedures. There was a slight lag as institutions transitioned to working remotely, which was new to most organisations. For example, most fraud analysts did not have laptops or access to virtual private networks. This may have long-term implications for fine assessments, if this trend continues.” 

Headshot_-_Sophie_Lagouanelle_2_-removebg-preview

Sophie Lagouanelle, Accuity

Even when there has been a move towards digital services, this can itself create more trouble. Ms Gautam says some of the problems banks see may arise due to the fractured digitisation that has taken place in recent years. “To put into perspective the as-is of control systems within a bank, they might have 300 different systems in use that don’t necessarily talk to each other. Then when the regulator comes looking for a report of the bank’s operations and evidence of regulatory effectiveness, it can feel quite challenging to provide a comprehensive picture of where a bank’s risk lies,” she says.

The impetus now is on meeting the requirements of the regulators and doing this digitally. “Regulators are urging organisations to leverage technology as part of their strategic approach as a way to transform away from traditional AML models that heavily rely on manual intervention,” says Ms Robles. “In short, financial institutions should focus on emerging technologies that have robust customer risk-rating models, continue to refine and simplify their ecosystem, and augment the quality of their data and institute practices that continuously update their customer profiles.”

This could have an impact further down the line on smaller, domestic banks, which may not have the budget to add another expensive digital system into their back office. Ms Woolley says: “Smaller institutions may struggle with meeting the requirements or having the digital infrastructure in place, but the regulator takes into consideration what efforts have been made when calculating the value of an enforcement action. It is one thing to deliberately flout AML rules, and another where the systems and controls perhaps aren’t tight enough and require remediation.” 

Preventative measures 

Even with so many fines issued during 2020, this is likely a trend that will continue, rather than be a one-off event. “We can anticipate that this trend of high fines is going to continue and actually expand geographically in alignment with FATF focus. I think banks should anticipate they are going to be challenged,” Ms Lagouanelle says.

Although the banks are seeing fines running into billions of dollars, while they are astonishing numbers externally, they may not be having the same impact within the bank. “Some of the fines issued can account for a tiny amount to a bank,” Ms Woolley says. “One financial institution in 2015 was hit with fines that ultimately accounted for just eight days’ profit. This is just a drop in the ocean for the global giants.” 

If fines do little to deter banks, the question arises whether there is a better alternative to ensuring banks and their employees toe the line when it comes to regulation. 

Ms Mouelhi of Elucidate says: “The short answer to why banks are still seeing these kinds of fines is because the incentives are wrong. When it comes to the fines, many banks are going to bite the bullet — it’s not enough of an incentive for them to really crack down on that kind of activity. It’s almost becoming part of the cost of doing business. In our view, only by working financial crime risk into pricing can we change the incentive structure to encourage substantial actions being taken against illicit finance.” 

Ms Woolley agrees. “One of the most consistent themes we’ve seen in reports is that the enforcement actions issued aren’t enough of a deterrent for financial institutions to do better. There is also a question as to whether there are sufficient resources at the financial intelligence units in each country to bring a prosecution, a concern regularly highlighted by FATF.” 

She believes the answer may be taking the cases down to the individual level. “In future, I think as well as issuing eye-watering penalties to the institutions, we will see more examples of individuals being held to account. We have seen a couple of examples of individuals that are directly accountable for the behaviour being put under criminal investigation. In some jurisdictions we see this can result in personal liability from a financial perspective, or being struck off from holding positions again,” she says.

There has been a precedent set of this kind of response — one prosecution has happened in the 1MDB case. Tim Leissner, a former partner at Goldman Sachs, pleaded guilty in the US to conspiring to launder money and violating foreign bribery laws. Another of the bank’s executives is awaiting trial on foreign bribery charges. The outcomes of these cases could provide insight as to how major KYC and AML breaches will be dealt with in future. 

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter