To date, most large fines for AML or sanctions violations have been accompanied by a juicy real story of Mexican drug traffickers, Russian mobsters, crooked politicians, terrorist supporters or rogue states being able to systematically funnel money to or
through the financial institution.
From the regulators’ perspective, this is the brilliance of offering the risk-based approach to the industry. If the bad guys were able to abuse your institution, your risk-based approach
must have been wrong. “Do what makes sense” in reality also means “Get it right or else”. Once the illicit money flow is found, the government can work its way back to determine where the compliance program broke down – which surely it did. You
should have known this, you should have done that.
Powerful as this mechanism may already be, AML compliance officers could take some comfort in thinking that the regulator would be relatively gentle when finding a window left unlocked - as long as a burglar had not come through it, and more than once at
that. Some level of neglect can (not saying that it should) be a calculated risk, as long as no one gets hurt. “No harm, no foul”, right?
Not anymore. The recent FSA (the UK Financial Services Authority) ruling against a large institution describes a number of shortcomings in the institution’s sanctions screening program, which
could have allowed payments by or for sanctioned entities to pass unnoticed. Some of the gaps seem to have been quite serious to be sure, but nowhere does the ruling mention that such payments
did go through. While the whole point of regulations and compliance is of course to ensure that all the windows are locked
before the burglar gets his chance, this record UK enforcement action is a departure from previous high-profile cases that ups the ante even further. No harm can still be a foul, and a serious one at that.
The FSA ruling had several other interesting aspects to discuss, so please check back soon for further postings.