Corlytics data shows regulators are penalising individuals over institutions
New data from Corlytics – the global leaders in regulatory risk intelligence – indicates that regulators are increasingly focusing on infringements by regulated individuals at firms, rather than the firm itself. This is especially true of European and Asian regulators.
The Corlytics Barometer, which this issue focuses on global economic crime, reveals that enforcement action for sanctions and tax evasion are exclusively handed out by US regulators, whereas bribery and anti-money laundering (AML) are higher up the watch list for European and Asian regulators.
Although the number of fines have increased over the last 12 months, the average value of each fine has decreased. This is partly due to a few very large fines issued by the US regulators (predominantly the Office of Foreign Assets Control) in 2014. These were mainly for sanctions and Anti-Money Laundering and Banking Secrecy Act (AML/BSA) breaches.
US regulators tough on foreign banks
Corlytics uncovered a significant finding for banks operating outside of their originating jurisdiction. UK, French, German and Swiss banks with branches in the US have paid almost 40 per cent of the fines related to economic crime in the US.
Economic crime involves serious criminal acts committed both by senior individuals at institutions, as well as the institutions themselves. Many regulators have focused on infringements by regulated individuals at firms, rather than the entire firm. This is especially true of European and Asian regulators. Enforcement involving criminal convictions, and imprisonment for individuals is very much on the increase in the UK, Hong Kong and Australia.
There is an emerging hierarchy of financial penalties for firms by regulatory category. Globally, crimes involving sanctions accounted for more than USD $1.77 in every USD $5 fined – down from USD $2 in every USD $5 from examined data since 2009. This indicates that sanctions violations may be beginning to come under control.
Sanctions – which equated to USD $13.5 billion for the period – was followed by AML/BSA at USD $8 billion, bribery at USD $7.7 billion, fraud at USD $4.4 billion, tax evasion at USD $2.8 billion, and misappropriation at USD $1.8 billion.
While cyber fraud has constituted a significant part of economic crime, there have been few associated fines in this period. However, this trend is expected to change: firstly, owing to the introduction of the cyber-security regulations by the New York Department of Financial Services (NYDFS) which came into effect in March of this year, and secondly, the launch of the General Data Protection Regulation (GDPR) which comes into effect in May 2018.
Differing penalties for individuals
Sticking with US regulators, the Commodity Futures Trading Commission (CFTC) has the highest fines levied against individuals globally. Accounting for over USD $422 million over the period. Interestingly, for fines against individuals, the average size of a fine for an individual is over USD $6 million.
In the UK, regulators take a different tack, demanding lengthy prison sentences for fraud with associated confiscation orders. In the US, senior individuals are often penalised for economic crime with disgorgements (confiscation of assets gained) together with life-time bans from the industry.
The Australian Securities and Investments Commission (ASIC) levies more individual fines than any other regulator globally, but the amount of these fines at an average of just over USD $15,000 pales into insignificance when compared to the CFTC fines. The Securities and Futures Commission of Hong Kong (HK SFC) is also showing its grit by imposing two huge fines against individuals in the past 10 months; one with a value in excess of USD $10 million and another with a value over USD $11 million.
Penalties by jurisdiction
Corlytics has noted different geographic behaviours from the regulators. In Australia, the UK and Hong Kong the enforcement activity is more focused on individuals. There have been 228 individual cases in total in these territories, versus 29 cases against firms.
Although the US has brought the most cases against individuals to date – in the period, there were 110 individual cases – the focus remains on fining firms, with 444 actions brought during the same period.
The average fine level for firms was higher than individuals in the case of every regulator, except Australia.
The United States is at the fore of punishing economic crime with fines. Responsible for almost 97 percent of total fines by value over the period.
The most frequent violations were in Anti-Money Laundering or Bank Secrecy Act rules, with cases in all jurisdictions, except Australia. Australian regulators covered mostly fraud. The UK mainly covered fraud and bribery.
The United States covered all six financial crime types, with sanctions violations accounting for 40 per cent, followed by fraud at 36 per cent, and both Anti-Money Laundering or Bank Secrecy Act and tax evasion at roughly 10 per cent each by value.
Bank origin penalties
The top 10 European banks have paid USD $13.25 billion in fines to US regulators since 2012. This means that since 2012, 10 European banks have paid 35 per cent of all fines to US regulators.
The average value of each fine is approaching USD $0.5 billion per fine; over 10 times the average that US firms pay to US regulators.
Corlytics shows large fines are decreasing, but for how much longer?
John Byrne, CEO at Corlytics said, “What’s most noticeable across all regulatory categories is the extent to which large fines have decreased. Regulators are beginning to indicate that they are satisfied that financial institutions seem to be addressing economic crime and may have moved their focus to other regulatory categories for the time being.”
However, this does not mean that regulatory scrutiny won’t return to this area in the future.
Large European financial institutions with a presence in North America need to be extremely careful to ensure that they comply in the area of economic crime. There is clear evidence to suggest that they will be treated harshly if they do not.
It looks like regulators are beginning to take a closer look at the senior managers who preside over compliance issues. Byrne continues, “Our data suggests the increased penalties, both financial and non-financial, ensure that senior managers of large financial institutions need to be in full control of the institution’s compliance posture. In relation to financial crime, the future area that organisations need to be most aware of is cyber-security.
“The NYDFS regulations have come into effect and this regulator – even though it’s a state regulator rather than a federal one – has been known to penalise heavily when its regulations are breached. Financial institutions need to ensure that they fully understand their risk exposures in this area.”