Law & Regulation
5 billion reasons to get comfortable with compliance by Paul Moore

5 billion reasons to get comfortable
with compliance

by Paul Moore
It was a tumultuous year for companies in the financial services space in 2022. Fines, at least for the first half of 2022, were significantly down when compared to the first half of 2021. Does this mean companies are finally spending enough on compliance or taking it seriously? No, it seems. Figures for all of 2022, according to a report from the Financial Times, show an increase on the previous year to almost $5 billion in total. So, it seems regulators worldwide had a busy finish to the year.

As is the delayed nature of any financial penalties, the offending actions most likely happened a few years back. What is further alarming is the apparent repeat offending by large firms with the worst offender tipping the scales at over $8 billion and counting in fines since 2008 (the Financial Times Report). Perhaps the penalties being enforced on firms are not enough of a deterrent.

If you are a repeat offender, should you be penalised even further in a way that will affect your business until the message is received? With respect to banks, if they are always deemed as too big to fail, they will always be above the law. Is it simply cheaper to pay a fine than implement correct AML procedures? If so, then the way in which penalties are imposed will need to be revised.

Reputational damage
Inadequate AML/KYC processes not only incur financial damages. Reputational damage is just as much of a factor and harder to measure. Perhaps this is more damaging to a large firm than financial penalties. A large organisation might be quicker to achieve and remain compliant if future business earnings were directly threatened by the publicity of their failings.

Customers and shareholders are not going to be satisfied with an organisation that is supposed to be operating with their best interests in mind but instead repeatedly fails to fulfil their compliance regulations. Perhaps there should be some movement towards recognising companies that are consistently on the right side of regulation and compliance as a way of enhancing their reputation.

Not a reward, as companies should be doing all they can to remain compliant, but some positivity towards their efforts might encourage companies to consistently meet their AML requirements. If customers were more likely to choose companies like this, there is even more reason for organisations to pursue consistent compliance.

a standing woman presenting informationon a whiteboard to a couple sitting down
Whilst there might have been fewer fines than the previous year, the sheer size of the penalties handed out suggest that financial institutions need to be much more proactive in managing the risks they may be exposed to. Without sufficient and strong AML/KYC programs and systems in place, organisations will be at risk of criminals exploiting their weaknesses.

If exploited by criminals or not, they will also be at risk of being fined by Regulators, so it really is essential from a business operations perspective to ensure they are compliant. It is in the name but correct Know-Your-Customer procedures will allow firms to fully get to know their customers and any associated risks that could happen thus allowing them to safeguard their operation from such risks.

Looking at the penalties handed out last year doesn’t instil too much confidence in the parties affected. Some of the fines handed out last year include:

  • Santander were issued £108 million after the FCA found the UK division of the bank had failed to maintain its AML systems correctly which affected over 560,000 customers. From 2012 – 2017, the bank’s systems failed to properly verify the information that customers provided for their businesses. Failing to correctly verify basic information like this is a glaring error and one you would assume would not happen in such a major bank.
  • Coinbase Dec 2022: Coinbase, a publicly traded cryptocurrency trading exchange based in the USA, was fined $50million after it was discovered that they were letting customers open accounts without conducting sufficient background checks. Upon deeper inspection, Regulators found that Coinbase performed “only the most rudimentary KYC checks” on people before allowing them to open accounts.

What do all these fines have in common? They’re all arising from incredibly basic mistakes. Either a failure to take AML seriously or a lack of knowledge as to how to properly implement a rigorous AML program. Given the size of potential fines, it is prudent for a business to be on the side of the Regulator rather than hoping the regulation monster goes away.

The good thing about all of this is that the roadmap to being compliant can be traced from exactly what each firm was not doing. Furthermore, it is becoming increasingly simple and cost effective to deploy a sufficient compliance program. So, perhaps it is an internal organisational hesitancy that is the main obstacle rather than an inability to do so.

The respect or attention that compliance has within an organisation has improved but it still has some way to go before it is seen as a business imperative. Perhaps we are getting closer to this point as Firms now stand to benefit from not only being compliant, but the associated benefits that come being compliant.

For example, a company with a rigorous compliance section in place is more appealing to shareholders and instils more confidence in senior management. Also, they will be more appealing to future employees as it demonstrates they have invested in the future instead of just reacting to what comes their way.

Cost of compliance vs noncompliance
Ponemon Institute and Globalscape conducted a study on multinational businesses to determine the impact of compliance vs non-compliance. They found that non-compliance was almost three times as high as the cost of being compliant. Another way to look at it: every euro that isn’t being spent now could cost you three down the line.

It demonstrates there are inherent dangers in delaying the building of this part of your business and that it should be a priority. Risking it in the hope that your business won’t be affected could be detrimental to the future of your operation. Therefore, all investment into remaining compliance matters should be seen as safeguarding what is to come as opposed to unnecessary spending. The study referenced above was from 2018 so the cost, and risk, of being non-compliant is most likely even higher.

We seem to be in this grey area whereby companies are aware of what is expected of them but simply either don’t want to comply or are not taking the risks seriously enough. Perhaps there will always be an attitude of ‘let’s get away with what we can’ as there is in some industries, but the size of the fines is surely some deterrent. Added to this is the increasing amount of legislation that is being brought in to regulate certain sectors.

One example is the gambling and gaming sector whereby the Gambling Regulatory Authority of Ireland (GRAI) has been established and will be supported by the Gambling Regulation Bill once signed into law. It will be the GRAI’s responsibility to ensure gambling companies are complaint and, with the power to suspend or revoke licenses, compel ISPs (Internet Service Providers) to block access to an online provider, or freeze bank accounts, said gambling companies will be eager to remain compliant. The GRAI will have the power to impose financial sanctions of up to €20m, another reminder of the cost of falling foul of Regulation.

Why is it so high and why is it rising?
The introduction of new laws has resulted in a dramatic increase in the number of fines being handed out.

The size of the fines is representative of the importance of safeguarding an individual’s private information. Organisations can no longer place their customer’s data at risk and must treat it with the same respect/place the same value on it as they would their most valuable company IP (Intellectual Property).

The cost of safeguarding sensitive information is suddenly becoming clear and this is where an organisation must use innovative technology to ensure they are on the right side of regulation. Whilst it can be initially difficult to integrate new technology, if enough research is carried out and sufficient support is provided, an organisation will eventually reap the rewards.

Of course, there will always be some issues that arise with deploying a new technology, like adoption, implementation, and acceptance by their staff members.

Furthermore, it can be a testing time when a new program or software is introduced but it should hopefully have a positive impact on the team, and overall organisation, eventually. It will also benefit their customers, shareholders, and future performance, which underlines how valuable the right technology could be.

Paul Moore
Paul Moore
Marketing Manager of valid8Me