When a Fine is NOT Fine

In this blog I endeavour to look at some recent regulatory fines that have been handed out and look at what financial institutions (FIs) could have done to possibly avoid, or at least reduce, them.

You’ve all heard the one about the chap who returns to his car to find a Parking Fine ticket, to which he thinks “Great, my parking is fine!”. Now, I make no excuse for including a dad joke here as I believe it helps to make a point around how blasé some people, or institutions, can be regarding what is acceptable versus what isn’t.

As you can possibly imagine, I’m no fan of parking fines however they imply that the recipient has done something wrong; usually they’ve parked somewhere that they shouldn’t have or they’ve parked there for too long. Either way, the argument is that they are being inconsiderate to other road users and deserve everything they get.

How does this relate to the financial services industry, I hear you ask! Well, individuals, institutions or industries that can’t regulate themselves tend to require the oversight of a government-backed body that sets the rules and the tone. Motorists who are unable or unwilling to follow the rules of the road get fined. FIs who are unable or unwilling to follow the rules of the industry get fined. It’s as simple as that. Motorists, like FIs, are not sufficiently capable of policing themselves. There, I said it.

Running an Effective Compliance Function isn’t Cheap

Yes, yes. I know and, chances are if you’re reading this blog, you probably know it too. But how long do you think you could run a really effective compliance function for if you had a budget of, oh I don’t know, say $150m? Probably quite a long time, I would suspect.
We all know that good employees with relevant experience don’t come cheap, but they’re usually worth it. Similarly, screening tools with good functionality don’t come cheap either, but they’re usually worth it too. Perfect examples of good costs versus bad costs, or facilitators versus inhibitors if you will.

What is starting to become apparent is that more and more FIs are taking a more realistic approach to things like reputational risk and how best to manage it. There are inherent issues that relate to certain industries and jurisdictions but, so long as you have identified, understood and mitigated the risks, you should be fine.

It might surprise you to know that the world’s largest food company, Nestlé, operates without issue in Iran, providing water, infant cereals and formula, amongst other things. Hang on a minute, isn’t Iran the subject of OFAC sanctions? Yes, of course it is, however it’s easy to simply de-risk from a situation if all the facts aren’t fully understood and considered.

I accept that each FI will have its own risk appetite regarding matters such as this and that is, of course, their prerogative. However, Nestlé “…continue to closely follow political developments regarding sanctions against Iran.” In their most recent comment on this topic, they state, “There are no direct implications for our business at this stage.”

What Would You Do if You Knew?

We have to accept that the answer to this question could be nothing i.e. “Yeah, so you’ve notified us about a potential reg flag for this client, but we’re going to make loads of money out of this connection so we don’t really care.” It could however be a situation that the screening alert produced would be considered actionable i.e. either we don’t onboard the prospect, or we ask the existing client to find alternative bankers.

In the first instance, or where institutions don’t have the information to start with, a massive gamble is being taken. Not just because they run the risk of regulatory actions, fines, cease and desist orders and reputational damage etc, but because they aren’t doing the right thing in terms of stopping criminals gaining access to the world’s financial systems. Yes, screening solutions are expensive but they don’t cost billions.

How to Avoid or Reduce Penalties

There is a growing feeling within the compliance world that simply adhering to regulations is not enough to stop money launderers or terrorist funders. The Wolfsberg Group recently published a paper that focused on effectiveness of compliance functions and spoke about information of use being provided to law enforcement agencies. This is somewhat of a departure from the traditional mindset that exists in many FIs which is something along the lines of “So long as we stick to the regulations, we’ll be fine.”

Scientia potentia est – which loosely translates from Latin as ‘knowledge is power’ – is only partially correct in my considered opinion. Knowledge on its own is not powerful, it is the application of that knowledge that is. Knowing that a tomato is a fruit is knowledge, not putting it in a fruit salad is powerful. Being able to review screening alerts provides some knowledge, acting upon them is powerful.

So, in conclusion and to (probably mis)quote former German statesman Otto von Bismarck, “Only a fool learns from his own mistakes. The wise man learns from the mistakes of others.”