News & Updates

The European Parliament has adopted a package of laws strengthening the EU’s toolkit to fight money-laundering and terrorist financing.

The new laws ensure that people with a legitimate interest, including journalists, media professionals, civil society organisations, competent authorities, and supervisory bodies, will have immediate, unfiltered, direct and free access to beneficial ownership information held in national registries and interconnected at EU level. In addition to current information, the registries will also include data going back at least five years.

The laws also give Financial Intelligence Units (FIUs) more powers to analyse and detect money laundering and terrorist financing cases as well as to suspend suspicious transactions.

The new laws include enhanced due diligence measures and checks on customers’ identity, after which so-called obliged entities (e.g. banks, assets and crypto assets managers or real and virtual estate agents) have to report suspicious activities to FIUs and other competent authorities. From 2029, top-tier professional football clubs involved in high-value financial transactions with investors or sponsors, including advertisers and the transfer of players will also have to verify their customers’ identities, monitor transactions, and report any suspicious transaction to FIUs.

The legislation also contains enhanced vigilance provisions regarding ultra-rich individuals (total wealth worth at least EUR 50 000 000, excluding their main residence), an EU-wide limit of EUR 10 000 on cash payments, except between private individuals in a non-professional context, and measures to ensure compliance with targeted financial sanctions and avoid sanctions being circumvented.

To supervise the new rules on combatting money laundering, a new authority - the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) - will be established in Frankfurt. AMLA will be charged with directly supervising the riskiest financial entities, intervening in case of supervisory failures, acting as a central hub for supervisors and mediating disputes between them. AMLA will also supervise the implementation of targeted financial sanctions.

The Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) package consists of the sixth Anti-Money Laundering (AML) directive (adopted with 513 votes in favour, 25 against, and 33 abstentions), the EU “single rulebook” regulation (adopted with 479 votes in favour, 61 against, and 32 abstentions), and the Anti-Money Laundering Authority (AMLA) regulation (adopted with 482 votes in favour, 47 against, and 38 abstentions).

The laws still need to be formally adopted by the Council, too, before publication in the EU’s Official Journal. By adopting the law, Parliament is responding to the demands of citizens put forward in the conclusions of the Conference of the Future of Europe, notably proposal 16(1) and 16(2) on preventing tax evasion and cooperating on corporate taxation.

What Are AML Fines?

Without a doubt, awareness of AML compliance is on the rise. Anti-Money Laundering (AML) fines are financial penalties imposed by regulatory authorities. We may attribute this remarkable progress to the potential fines, reputation loss or other legal consequences. Anti-Money Laundering (AML) fines are financial penalties imposed by regulatory authorities. However, the severity of these repercussions is still not always enough to stop these acts all together. In this article, we highlight some of the largest fines in history, the sectors and countries most affected, ways to avoid them, and more.

It wouldn’t be wrong to say that weak Customer Due Diligence (CDD) and Know Your Customer (KYC) are some of the major reasons for AML Penalties. Knowing your customer well from the start of business relationship is a sure way to prevent future risks. It is especially important to conduct proper checks when it comes to dealing with high-risk customers such as PEPs.

Another key reason is failure to monitor transactions. This can happen by using inappropriate, outdated or manual monitoring systems, which can lead to shortcomings in detecting red flags. Even if you successfully detect a suspicious activity and act on it, you are obligated to file Suspicious Activity Reports (SARs). Filing alone is not sufficient, these reports should be timely and complete. Whether willfully or not, processing transactions for sanctioned individuals, countries, or organizations can also result in significant fines. For example, BNP Paribas was fined $8.9B in 2014, due to the bank setting up elaborate payment structures that routed transactions to disguise their origin.

Some other possible reasons are: Compliance program failures, corporate misconduct, and more. The 14 Biggest AML Fines in History

1. BNP Paribas: U.S. sanctions violations We have already covered this in the previous section, but let’s further elaborate on it due to its importance. In 2014, BNP Paribas agreed to plead guilty to criminal charges. The bank deliberately hid thousands of transactions with Iran, Sudan and Cuba for eight years. During an eight year period, senior bank officials were aware of the fact that they were breaking US law. As a result of these violations, BNP Paribas received a record fine of $8.9B.

2. TD Bank Scandal Last year the U.S.’ tenth largest bank, Toronto-Dominion Bank, received a fine of $3.09 billion after pleading guilty to multiple charges. Among these charges, there were conspiracy to violate the Bank Secrecy Act and to commit money laundering. TD admitted that it allowed three money laundering networks to transfer more than $670 million through TD Bank accounts.

3. Goldman Sachs: 1MDB scandal This infamous case revolves around a sovereign wealth fund that was created by the Malaysian government in order to promote economic development. However, billions of dollars were misappropriated from the fund and Goldman Sachs played a key role in this scandal. Goldman Sachs employees allegedly knew about high corruption risks and accepted large personal fees. Regulators held the bank responsible for insufficient AML and due diligence controls. Goldman agreed to settle with the DoJ for $2.9 billion and its Malaysian unit pleaded guilty to a corruption charge.

4. Danske Bank: Money Laundering in the Estonia Branch In 2017, it was revealed that Danske Bank’s Estonian branch had allowed over €200 billion of suspicious transactions to move through its channels. At first this was largely attributed to the lack of communication between Copenhagen and Estonian branch, however in fact it turned out to be highly corrupt because the executive board couldn’t enforce proper communication routes and monitor whether its branches were functioning legally. A lot of repercussions followed this scandal: ten former employees in the Estonian branch were arrested, Estonia closed the branch, the CEO Thomas Borgen resigned and the value of Danske Bank shares was halved. In December 2022, Danske Bank pled guilty and agreed to a $2 billion fine in a case from the Unites States Department of Justice.

5. HSBC – $1.9B (2012): Drug cartel funds, Iran sanctions In 2012, U.S. authorities accused HSBC of not implementing proper controls to prevent money laundering and related crimes. Their evidence showed that HSBC moved billions of dollars in illicit funds through its accounts as well as violating U.S. sanctions against countries like Iran and Sudan. These funds even included drug trafficking and terrorist financing. In 2013, the bank agreed to pay a fine of $1.9 billion to the U.S. Department of Justice.

6. UBS: Risk scoring, ownership failures The U.S. Justice Department alleged that the Swiss bank UBS sold mortgages despite being aware of the fact that they were problematic and noncompliant. The bank agreed to pay a combined $1.4 billion in civil penalties over fraud.

7. Westpac: Ignored red flags In 2020, regulators accused Westpac Banking Corp of 23 million breaches of AML laws. These breaches included ignoring red flags, enabling payments from convicted child sex offenders and high-risk countries. The bank failed to submit reports, monitor risks and make adequate checks. All of this led the bank to agree a $1.3 billion civil penalty for more than 23 million breaches of Anti-Money Laundering laws.

8. Standard Chartered: Iran/Sudan violations Standard Chartered was accused of processing transactions worth $438M during the five year period between 2009 and 2014. The problematic part here is that the majority of these transactions involved Iran-linked accounts. In the end, The U.S. and the UK authorities ordered the British bank to pay $1.1B.

9. Deutsche Bank: Mirror trading with Russia This scandal revealed around the German bank’s Moscow, London and New York offices from 2011 to 2015, in which it bought Russian blue-chip stocks in rubles worth $10B on behalf of clients and sold them at the same price through its London branch. There wasn’t any economic purpose behind these actions, and the bank missed numerous opportunities to detect, investigate and stop the scheme. This resulted in the Deutsche Bank receiving $630 million of fines and requiring an independent monitor to review the bank’s compliance programs.

10. Credit Suisse: Mozambique “Tuna Bond” scandal Tuna Bond scandal started with the company Privinvest and its owner Iskandar Safa allegedly bribing over $100 million to officials in Mozambique, and to Credit Suisse employees for contracts and loans to develop Mozambique’s fishing industry and improving maritime security. Credit Suisse and other banks arranged around $2 billion in loans to fund Mozambican projects and companies. However, these actually consisted of bribes and kickbacks. Also, Mozambican government concealed this debt from its parliament and international donors. In 2021, Credit Suisse paid $475 million in fines to U.S., UK and Swiss regulators and agreed to cancel $200 million in Mozambican debt.

11. Rabobank: Drug cartel laundering The Dutch bank allegedly handled hundreds of millions of dollars in “untraceable cash” from clients linked to the Mexican drug trade. Then these funds were withdrawn through wire transfers, checks and cash transactions. Moreover, the bank allegedly obstructed the investigation. It is worth mentioning that Rabobank had similar violations back in 2006 and 2008. All of these reasons led U.S. Department of Justice to fine Rabobank $369 million.

12. Swedbank: Baltic transaction failures This dirty money scandal resulted in Sweden’s oldest retail bank to see a collapse by third in its share price. The problem stemmed from the bank’s shortcomings in in its Anti-Money Laundering solutions in the Baltics. The bank also ignored the warnings from the FSA, as well as withholding the necessary information. These factors led Sweden’s financial supervisory authority to fine Swedbank a record 4 billion Swedish kronor (approximately $365 million) for the vulnerabilities in AML processes and controls.

13. SEB Bank: AML gaps in Baltics At the 13th place, we see another case of Baltic AML failure. Skandinaviska Enskilda Banken (SEB) and its subsidiary banks in the Baltics failed their AML duties between 2015 and 2019. Even some subsidiaries relied on customers with “a higher risk of money laundering” to prop up their business, and their AML measures definitely were not enough for onboarding these customers. This investigation caused SEB to receive a fine of $107 million by regulators due to failure in identifying money laundering risks.

14. BitMEX: No KYC for years Cryptocurrency exchange BitMex, failed to establish and maintain a proper AML program required by the Bank Secrecy Act. In addition, the exchange didn’t have an adequate KYC program and illicitly allowed U.S. users in its platform. This ended up with BitMex receiving a $100 million fine.

Counter-terrorism authorities have, for years, characterized keeping up with terrorist organizations and their use of digital tools and social media apps as a game of Whac-a-Mole.

Jihadist terrorist groups such as Islamic State and its predecessor al-Qaida, or even the neo-Nazi group the Base, have leveraged digital tools to recruit, covertly finance via crypto, download weapons for 3D printing and spread tradecraft to its followers, all while leaving law enforcement and intelligence agencies playing catch up.

Over time, thwarting attacks and maintaining the technological advantage over these types of terror groups has evolved, as more and more open source resources become available.

Rise in vigilante attacks in US highlight growing online DIY terrorism resources Read more Now, with artificial intelligence – both on the horizon as a rapidly developing technology and in the here and now as free, accessible apps – agencies are scrambling.

Sources familiar with the US government’s counterterrorism efforts told the Guardian that multiple security agencies are very concerned about how AI is making hostile groups more efficient in their planning and operations. The FBI declined to comment on this story.

“Our research predicted exactly what we’re observing: terrorists deploying AI to accelerate existing activities rather than revolutionise their operational capabilities,” said Adam Hadley, the founder and executive director of Tech Against Terrorism, an online counterterrorism watchdog, which is supported by the United Nations Counter-Terrorism Committee Executive Directorate (CTED).

“Future risks include terrorists leveraging AI for rapid application and website development, though fundamentally, generative AI amplifies threats posed by existing technologies rather than creating entirely new threat categories.”

So far, groups such as IS and other adjacent entities, have begun using AI, namely OpenAI’s chatbot, ChatGPT, to amplify recruitment propaganda across multimedia in new and expansive ways. Not unlike the imminent threat it poses to upending modern workforces in dozens of job sectors and is poised to enrich some of the wealthiest people on earth – AI will complicate new public safety issues.

“You take something like a Islamic State news bulletin, you can now turn that into an audio piece,” said Moustafa Ayad, the executive director for Africa, the Middle East and Asia at the Institute for Strategic Dialogue. “Which we’ve seen supporters do and support groups, too, as well as photo arrays that they produce centrally.”

Ayad continued, echoing Hadley: “A lot of what AI is doing is enabling what’s already there. It’s also supporting their capacity in terms of propaganda and dissemination – it’s a key part of that.”

IS isn’t hiding its fascination with AI and has now openly recognized the opportunity to capitalize on what it currently offers, even providing a “Guide to AI Tools and Risks” to its supporters over an encrypted channel. In one of its latest propaganda magazines, IS outlined the future of AI and how the group needs to embrace it as part of its operations.

“For every individual, regardless of their field or expertise, grasping the nuances of Al has become indispensable,” it wrote in an article. “[AI] isn’t just a technology, it’s becoming a force that shapes war.” In the same magazine, an IS author explains that AI services can be “digital advisors” and “research assistants” for any member.

Over an always active chat room that IS uses to communicate with its followers and recruits, users have begun discussing the many ways AI can be a resource, but some were wary. One user asked if it was safe to use ChatGPT for “how to do explosives” but weren’t sure if agencies were keeping tabs on it – which has become one of the broader privacy concerns surrounding the chatbot since its inception.

“Are there any other options?” asked an online IS supporter in the same chat room. “Safe one.”

But another user found a less obvious way around setting off any alarms if they were being watched: by dropping the schematics and the instructions on how to create a “simple blueprint for Remote Vehicle prototype according to chatgpt”. Truck ramming has become a choice method for IS in recent attacks involving followers and operatives, alike. In March, an IS-linked account also released an AI-created bomb making video with an avatar, for a recipe that can be created with household items.

Far-right groups have also been curious about AI, with one advising followers on how to create disinformation memes, while others have looked to AI for the creation of Adolf Hitler graphics and propaganda.

Ayad said some of these AI-driven tools have also been a “boon” to terror groups and their operational security – techniques to securely communicate without prying eyes – such as encrypted voice modulators that can mask audio, which altogether, “can assist with them further cloaking and enhancing their opsec” and day-to-day tradecraft.

Terror groups have always been at the forefront of maximizing and embracing digital spaces for their growth, AI is just the latest example. In June 2014, IS, still coming into the global public consciousness, live-tweeted imagery and messages of their mass executions of over 1,000 men as they stormed Mosul, which caused soldiers in the Iraqi army to flee in fear. After the eventual establishment of the so-called Caliphate and its increasing cyber operations, what followed was a concerted and coordinated effort across government and Silicon Valley to crackdown on all IS accounts online. Since, western intelligence agencies have singled out crypto, encrypted texting apps, sites where 3D printed guns can be found, among others, as spaces to police and surveil.

But recent cuts to counterterrorism operations across world governments, including some by Doge in the US, have degraded efforts.

“The more pressing vulnerability lies in deteriorating counter-terrorism infrastructure,” said Hadley. “Standards have significantly declined with platforms and governments less focused on this domain.”