BankThink

Why do US banks persist in breaching AML regulations?

BankThink in uptick in banks' AML fines show more work is needed
An uptick in fines associated with anti-money-laundering failures demonstrates that U.S. banks still have much work to do, writes Mikhail Karataev.
Adobe Stock

A detailed analysis of the reasons for the $3 billion civil monetary penalty levied against TD Bank for money laundering — the largest in the U.S. Treasury's history — as well as the regulator's charges against Wells Fargo in September, reveals unexpected facts. The real effectiveness of anti-money-laundering, or AML, programs does not directly depend on the size of the compliance department and its IT budget. This prompts us to investigate potential inefficiencies in the way different elements of banks' AML control systems interact.

The main results of work in AML for 2024 show that banks still have significant misunderstandings in many key AML areas. Cumulative data from Fenergo showed penalties up by 31% in the first half of 2024. Banks were fined for shortcomings in methodology ($113.2 million); know your customer ($51 million); suspicious activity reports, or SARs, and transaction monitoring ($30.5 million); and violation of rules regarding politically exposed persons, or PEPs ($26 million). It is significant that not only innovative crypto banks such as First Interstate Bank or United Texas Bank, but also market leaders (Citigroup, Morgan Stanley, Wells Fargo, TD Bank, or City National Bank) were being fined in 2024 for "ongoing deficiencies" in their AML systems. The latter is particularly striking, as leading institutions typically allocate substantial IT resources and employ top-tier AML professionals.

One of the main reasons is that regulators have moved toward a comprehensive assessment of the effectiveness of an AML system, rather than treating various AML measures and typologies separately. Thus, the new 2024 banking AML standard must not only provide robust enhanced due diligence practices, track ultimate beneficial owners, verify PEPs and identify suspicious transactions, but also complement this with the deep understanding and ability of qualified professionals to make timely decisions. In other words, the main takeaway for banks' AML systems in 2024 is the need to move away from a formal approach solely through IT controls to achieve real, practical results. The goal of 2025 is efficiency, not just data, so bankers must bear in mind the importance of separating fashionable and useful AML IT solutions.

At the same time, it would be a dangerous mistake to believe that AML systems in modern banks are free from human error and that educated staff can solve all problems. Analysis of audit reports helps identify AML violations attributable to causes such as "staff may be susceptible to error"; "bias"; and "external pressure," all of which may affect a bank's ability to detect suspicious activity. However, it should be acknowledged that the majority of these errors occur at the level of line employees and middle managers, and, as a result, they are unlikely to have a long-term, pervasive and systemic impact on the bank's overall AML risks.

The megabank disclosed that regulators are looking at its anti-money-laundering and sanctions compliance. Wells Fargo was recently hit with an enforcement action over similar matters.

October 30
Bank Of America Ahead Of Earnings Figures

A thorough analysis reveals that the primary reason for large banks' inefficiency in AML is the internal erosion or diffusion of responsibility. Aggressive AML enforcement pressures senior managers to delegate important decision-making to their deputies, who, in turn, prefer to create collegial decision-making bodies (such as committees or boards) or introduce a wide range of preliminary approval of decisions, which ultimately leads to delays and inefficiency. As a result, large banks have significant compliance budgets and skilled AML methodology but also have more bureaucratic structures and processes, making it challenging to quickly implement changes in response to new regulations or evolving risks and ultimately leading to fines.

In contrast, smaller banks often rely on simpler and more adaptable processes to effectively manage AML risks with limited resources, but need collaboration to access specialized AML methodology expertise. Thus, a clear vertical of responsibility with a more flexible decision-making structure is the key to the effectiveness of AML. When compliance goes wrong, someone's got to take the fall. That's why AML audit professionals know that in 2024, the term BSA doesn't mean "Bank Secrecy Act" but rather "Blame Someone Always."

It is also important to recognize that identifying suspicious transactions alone is no longer sufficient to assess the true effectiveness of a bank's AML system in 2024, which had traditionally been a core AML focus. A key criterion now considered by regulators is the ability to streamline processes and reduce unnecessary administrative barriers for law-abiding customers.

The persistence of AML violations at U.S. banks clearly shows that the problem is not simply one of insufficient funding or a lack of IT tools. The critical lesson of 2024 for U.S. banks is that AML effectiveness cannot be achieved solely through technology or even the most extensive compliance staff. Instead, it's a systemic issue related to the way banks internally manage and allocate responsibility, as well as a focus on ticking regulatory compliance boxes rather than striving for true efficiency. It is about creating a balance between innovation, human judgment and clear accountability. 2025 could be the year when banks finally break this vicious cycle of AML violations if they learn from their mistakes.

For reprint and licensing requests for this article, click here.
Regulation and compliance AML Money laundering Risk
MORE FROM AMERICAN BANKER