Corlytics, the regulatory risk intelligence and regulatory compliance management firm, has released a global enforcement fines report for the third quarter of 2023. The enforcement activities have shown a clear increase in the fine amounts imposed ($5.65 billion) as compared to the first two quarters of this year ($1.5billion and $ 2.27billion respectively).
Fines imposed by the US regulators comprised the bulk of the fines issued in Q3 and accounted for over 85 per cent of the total fines globally, bringing the total global amount for 2023 to $5.65billion according to Corlytics. For example, DWS Investment Management Americas, a subsidiary of Deutsche Bank, faced hefty penalties of $25million from the US Securities and Exchange Commission (SEC) for lacking an AML program and making misleading ESG claims. The firm has settled the SEC enforcement action.
The top amounts of fines from US regulators were faced by UBS Group issued by the US Department of Justice (DoJ) and the Federal Reserve Board (Fed).
Fifteen years after the 2008 financial crisis, UBS agreed to pay $1.44billion in penalties to settle a civil action alleging misconduct in relation to its underwriting and issuance of residential mortgage-backed securities (RMBS) issued in 2006 and 2007.
This was the last case brought by the Justice Department RMBS Working Group which was set up to investigate fraud and abuse in the RMBS market leading up to the 2008 financial crisis. The Fed announced a consent order and another $0.27billion fine with UBS Group AG, for misconduct by Credit Suisse, which UBS acquired in June 2023.
The SEC has continued to focus on the use of off-channel communications, such as WhatsApp, used by employees of regulated entities. Rounds of penalties were issued in August and September, along with a requirement for those firms to review their policies and procedures for retaining electronic communications. Further regulatory scrutiny is expected and firms should be taking steps to review their policies and employee compliance frameworks.
Breaking UK regulations
Risk management deficiencies have also been an area of regulatory focus. In July, the UK Prudential Regulatory Authority (PRA) imposed a record fine of £87million on Credit Suisse for risk management and governance failures in connection with its exposure to Archegos Capital Management. It was also the first time that the PRA established breaches of four PRA Fundamental Rules.
The PRA fine formed part of a global enforcement action, with action also taken by the Swiss Financial Market Supervisory Authority (FINMA) and the Fed and combined penalties of $387.5million being imposed in the UK and USA.
“Counterparty risk management remains firmly on the regulators’ agenda: in October this year, the Bank of England issued a letter to bank CROs stating that it was disappointed that messages communicated following the Archegos default have not been fully addressed,” Susie MacKenzie, head of legal and regulatory analytics at Corlytics, comments.
“We are also continuing to see the highest fines in Europe being imposed for breaches of GDPR with the DPC in Ireland fining TikTok €345million in relation to its processing of children’s personal data.”
Focus on data protection
Data protection is another emerging significant area with high-profile data breaches such as the historic groundbreaking Q2 2023 GDPR fine surpassing €1.2billion to Meta from the Irish Data Protection Commission (DPC) influencing the ongoing trend. Companies should be acting to ensure compliance with data protection legislation leading to growing demands for stronger data protection measures.
Regulatory bodies in Europe and the US are responding by enacting and enforcing data privacy regulations.
Financial crime and corporate governance continue to be the two categories where most enforcement activity took place, with fines for fraud, money laundering and terrorist financing going up and topping the list of enforcement action in this category.
Regulators highlight the importance of having adequate anti-money laundering (AML) systems and controls in place to be able to address the growing threat and sophistication of money laundering.
Facing the consequences for compliance and ethics violations
In the UK, a broker affiliate of Archer Daniels Midland was ordered to pay nearly £6.5million by the Financial Conduct Authority (FCA) for not timely addressing anti-money laundering (AML) systems and controls deficiencies first alleged by the regulator in 2014.
Failures in culture, conduct, and ethics have also been subject to a number of fines recently. The US Consumer Protection Financial Bureau (CFPB) fined Bank of America $140million in the third quarter for violations of conduct of business rules. The Office of the Comptroller of the Currency (OCC) also fined the Bank of America, N.A. $60million for violations of law relating to its practice of assessing multiple overdraft and insufficient funds fees against customers for a single transaction.
Financial services that are fined multi-million dollar fines for compliance, ethics, or conduct violations usually face serious consequences that range from losing professional accreditation to lengthy custodial sentences.
Although conduct is not at the top of the table, financial authorities have clearly been shifting their focus to conduct and ethics in recent years. Regulators have been developing tools and frameworks specifically designed to assess and improve conduct and ethics. Besides, there is a rise in demand for consumer protection, consumer rights which also influences this trend and pushes for more stringent regulation and consequently, enforcement action.
Fostering a culture of compliance
Financial services, in their turn, have started to acknowledge that the quality of consumer services is directly impacted by internal ethics, and internal behaviour.
“In regulatory monitoring, teams spend 75 per cent of their time reading irrelevant regulatory updates, that is 75 per cent of the time that could be spent on value-add tasks. On the other side, creating an effective compliance program is challenging due to the complexity of the regulatory environment and the use of outdated tools or even the lack of tools at all,” said Evgeny Likhoded, president at Corlytics.
“Enforcement actions highlight that firms are still struggling with those challenges and it is vital to use technology to strengthen regulatory compliance and change management. We see a future where smart regulations can be embedded into internal compliance programs fostering the culture of compliance being embedded into the organisation.”