5 billion reasons to get comfortable with compliance by Paul Moore
Because financial penalties are typically imposed long after the fact, the offending actions most likely happened a few years back. More alarming still is the apparent repeat offending by large firms, with the worst offender tipping the scales at over $8 billion and counting in fines since 2008 (the Financial Times Report). Perhaps the penalties being enforced on firms are not enough of a deterrent.
If you are a repeat offender, should you be penalised even further in a way that will affect your business until the message is received? With respect to banks, if they are always deemed too big to fail, they will always be above the law. Is it simply cheaper to pay a fine than implement correct AML procedures? If so, then the way in which penalties are imposed will need to be revised.
Customers and shareholders are not going to be satisfied with an organisation that is supposed to be operating with their best interests in mind but instead repeatedly fails to meet its compliance obligations. Perhaps there should be some movement towards recognising companies that are consistently on the right side of regulation and compliance as a way of enhancing their reputation.
Not a reward, as companies should be doing all they can to remain compliant, but some positivity towards their efforts might encourage companies to consistently meet their AML requirements. If customers were more likely to choose companies like this, there is even more reason for organisations to pursue consistent compliance.
Whether or not they are exploited by criminals, they will also be at risk of being fined by Regulators, so it really is essential from a business operations perspective to ensure they are compliant. It is in the name, but correct Know-Your-Customer procedures allow firms to fully get to know their customers and any associated risks, thus allowing them to safeguard their operation from such risks.
- Santander were fined £108 million after the FCA found the UK division of the bank had failed to maintain its AML systems correctly, which affected over 560,000 customers. From 2012 – 2017, the bank’s systems failed to properly verify the information that customers provided for their businesses. Failing to correctly verify basic information like this is a glaring error and one you would assume would not happen in such a major bank.
- Coinbase Dec 2022: Coinbase, a publicly traded cryptocurrency trading exchange based in the USA, was fined $50 million after it was discovered that they were letting customers open accounts without conducting sufficient background checks. Upon deeper inspection, Regulators found that Coinbase performed “only the most rudimentary KYC checks” on people before allowing them to open accounts.
What do all these fines have in common? They all arise from incredibly basic mistakes: either a failure to take AML seriously or a lack of knowledge as to how to properly implement a rigorous AML program. Given the size of potential fines, it is prudent for a business to be on the side of the Regulator rather than hoping the regulation monster goes away.
The good thing about all of this is that the roadmap to being compliant can be traced from exactly what each firm was not doing. Furthermore, it is becoming increasingly simple and cost-effective to deploy a sufficient compliance program. So, perhaps it is an internal organisational hesitancy that is the main obstacle rather than an inability to do so.
For example, a company with a rigorous compliance section in place is more appealing to shareholders and instils more confidence in senior management. Also, they will be more appealing to future employees as it demonstrates they have invested in the future instead of just reacting to what comes their way.
It demonstrates there are inherent dangers in delaying the building of this part of your business and that it should be a priority. Risking it in the hope that your business won’t be affected could be detrimental to the future of your operation. Therefore, all investment in remaining compliant should be seen as safeguarding what is to come as opposed to unnecessary spending. The study referenced above was from 2018 so the cost, and risk, of being non-compliant is most likely even higher.
We seem to be in this grey area whereby companies are aware of what is expected of them but simply either don’t want to comply or are not taking the risks seriously enough. Perhaps there will always be an attitude of ‘let’s get away with what we can’ as there is in some industries, but the size of the fines is surely some deterrent. Added to this is the increasing amount of legislation that is being brought in to regulate certain sectors.
One example is the gambling and gaming sector, where the Gambling Regulatory Authority of Ireland (GRAI) has been established and will be supported by the Gambling Regulation Bill once signed into law. It will be the GRAI’s responsibility to ensure gambling companies are compliant and, with the power to suspend or revoke licenses, compel ISPs (Internet Service Providers) to block access to an online provider, or freeze bank accounts, said gambling companies will be eager to remain compliant. The GRAI will have the power to impose financial sanctions of up to €20m, another reminder of the cost of falling foul of Regulation.
The size of the fines is representative of the importance of safeguarding an individual’s private information. Organisations can no longer place their customers’ data at risk and must treat it with the same respect, and place the same value on it, as they would their most valuable company IP (Intellectual Property).
The cost of safeguarding sensitive information is suddenly becoming clear and this is where an organisation must use innovative technology to ensure they are on the right side of regulation. Whilst it can be initially difficult to integrate new technology, if enough research is carried out and sufficient support is provided, an organisation will eventually reap the rewards.
Of course, there will always be some issues that arise with deploying a new technology, like adoption, implementation, and acceptance by their staff members.
Furthermore, it can be a testing time when a new program or software is introduced but it should hopefully have a positive impact on the team, and overall organisation, eventually. It will also benefit their customers, shareholders, and future performance, which underlines how valuable the right technology could be.