Top 10 op risks: sanctions and AML compliance

2012 saw leading banks in the spotlight, accused of negligently or wilfully breaking anti-money laundering (AML) rules or international economic sanctions. Standard Chartered Bank, accused of breaches of US sanctions on Iran by the New York Department of Financial Services, was forced to pay a $340 million settlement. HSBC, accused of overlooking money laundering from Mexico into the US, predicted in November that the total fines could be more than $1.5 billion. In the largest US money-laundering settlement so far, ING paid $619 million in June for violating sanctions against Cuba and Iran through its Netherlands Caribbean Bank subsidiary. Other smaller-scale cases brought Coutts, UBS, Turkish Bank UK, ICICI Bank in India and the Israeli bank Mizrahi-Tefahot to the attention of their respective regulators in 2012.

Three factors make this an increasingly important operational risk in 2013 and beyond.

In February 2012, the Financial Action Task Force (FATF) – an intergovernmental body aimed at stopping money laundering and the financing of terrorism – recommended adding tax crimes to the list of predicate offences for money laundering. FATF chairman Bjorn Aamo commented later in the year: “It is important that tax crimes now are included among the predicate offences for anti-money laundering measures. This will provide a better foundation for international co-operation against tax crimes and tax evasion. More efficient tax collection can be part of international efforts to strengthen public finances.”

But the move was not universally welcomed: “This is a huge expansion of the AML commitment, it’s going to mean a lot more work for us,” says one bank operational risk head. The FATF noted that concerns expressed also included the scope of enforcement required, the difficulty of an inexperienced private sector identifying tax crimes correctly, and the need for a level playing field between countries.

Nevertheless, some jurisdictions are already following the FATF’s advice: the European Commission issued a consultation paper on the change in April (the rule is already in place in some EU member states, at least for domestic as opposed to foreign tax evasion); the Monetary Authority of Singapore did the same in October.

Linked to the inclusion of tax evasion, Fatca also raises the profile of this particular risk. The intergovernmental agreements (IGAs) with the US now being drawn up by several nations will cover much wider exchanges of account-holder information – and could well pave the way for a much wider multilateral exchange of information, providing tremendous advantages to revenue gatherers but posing extensive new compliance problems for financial institutions.

Second, throughout 2012, US and European authorities increased their use of sanctions as a foreign policy tool, and with civil war continuing in Syria and tensions between the West and Iran still high, this is likely to continue into 2013 – especially given their apparent impact in terms of economic stress and hyperinflation in Iran. As the scope of sanctions grows wider, banks face a greater compliance challenge – particularly in the wake of a number of high-profile sanctions evasion cases, which have made clear the potential financial cost of a deliberate or accidental compliance failure.

Third, the penalties for sanctions evasion and AML failures have reached record levels: the Coutts fine in March 2012 was a UK record at £8.75 million, exceeded in July by the £17.7 million fine for HSBC, which also faces a world record fine of over $1 billion for its failures in the US. The lag between failure and penalty – in HSBC’s case, the failures are said to have begun in 2004 – means that the penalties imposed in 2013 will be the result of failures which have in large part already happened. 

There are, however, still actions that operational risk managers can take to reduce potential exposure: in money-laundering as in other areas of financial crime, bona fide efforts to address problems will be a powerful mitigating factor when regulators come to decide on the size of penalties.

Top 10 operational risks 2013: Back to introduction

IT sabotage
 

Reputational damage

Incentives and compensation

Fraud and customer data abuse

Epidemic disease

Political intervention

Sanctions and AML compliance

NEXT: Emerging market operating risks

Business continuity and disaster recovery

Failure to enforce internal controls

Operational risk best practice will be discussed at OpRisk Europe on June 11-14 in London. For more information and details about attending visit opriskeurope.com