A €3 million fine is the latest in a number of anti-money laundering fines for ING, but what can they and the rest of the sector learn?
At the beginning of March, ING was fined €3 Million for failures in anti-money laundering regulation. It’s the latest major AML case involving European regulators and confirms this will continue to be one of the most serious issues financial firms face over
the coming years.
French regulator, Autorité de Contrôle Prudentiel et de Resolution (ACPR), launched a review into ING in 2018. It identified significant shortcomings in ING’s controls to prevent money laundering and issued a fine. ING has said it is committed to improving
its compliance and has implemented the required changes.
So, what lessons can others learn?
1. Heightened scrutiny
Anti-money laundering is an increasingly important priority for regulators. As we’ve reported in the past, fines for anti-money laundering failures have been
rising in recent years. This comes partly because regulators are looking at the issue more closely. They are uncovering deficiencies in operations across all businesses and issuing
fines accordingly. Equally worrying is that many companies appear to be making the same mistakes which shows some are not learning the lessons from the past.
2. Learn and improve
This is not the first time ING has struggled with issues around anti-money laundering. As regulators increase their focus on money laundering, ING’s businesses around the world have faced increased scrutiny both externally and internally.
In 2018, ING was ordered to pay €775million, the largest ever fine from Dutch prosecutors. Repeated offenses can exacerbate penalties from regulators, especially if companies have
ignored warnings in the past or indeed, not learned the lesson.
3. A challenging environment
ING is making progress. Their internal KYC project has been scrutinising their internal processes. In many cases they found provisions were adequate, but they have also uncovered a number of areas of concern. They say they are committed to improving their
compliance. However, for a large company working across multiple territories, this can be easier said than done. This type of environment is the perfect example of where RegTech solutions can help. Manual workload is significantly reduced (in most cases, from
man-hours down to man-seconds). This enables compliance functions to concentrate their efforts where they are needed most. Companies need to embed compliance and monitoring throughout the organisation, giving all relevant staff the tools required to maintain
vigilance. They also need a comprehensive AML plan which reflects their actual business.
4. Make an effort
Regulators want to see a commitment to making improvements. They want a certain level of transparency and a demonstration of what improvements companies have made. They are somewhat more forgiving of those companies that fail but that have made reasonable
efforts to comply. Part of that effort comes from analysing data and learning from others. As we often show with our global regulatory platform, the ability to analyse trends and learn from other cases can be critical in understanding how the compliance environment
is moving and learning from the mistakes of others.
5. The future
Regulatory enforcement is likely to become more severe. In Europe, we will see the introduction of AMLD 6 later in the year, as the EU attempts to update its somewhat patchwork approach to money laundering. In the US, the implementation of the AML Act 2020
will have a major impact. Fines are expected to be higher, and enforcement measures tougher as regulators continue to crack down.
ING is just one of many companies that have found their existing measures are ill equipped to handle the evolving environment. They are having to make changes quickly, update systems, embrace new technology and review their approach. The landscape is advancing
swiftly and firms will have to work hard to keep pace. AML threats have increased in recent years, and pandemic restrictions have done nothing to make compliance and monitoring easier. This, coupled with the growing focus from regulators, makes it difficult
to maintain security across all operations in all territories.