What Can we Learn From ING’s €3 Million AML Fine in France?

A €3 million fine is the latest in a number of anti-money laundering fines for ING, but what can they and the rest of the sector learn?

At the beginning of March, ING was fined €3 Million for failures in anti-money laundering regulation. It’s the latest major AML case involving European regulators and confirms this will continue to be one of the most serious issues financial firms face over the coming years.

French regulator, Autorité de Contrôle Prudentiel et de Resolution (ACPR), launched a review into ING in 2018. It identified significant shortcomings in ING’s controls to prevent money laundering and issued a fine. ING has said it is committed to improving its compliance and has implemented the required changes.

So, what lessons can others learn? 

1.      Heightened scrutiny

Anti-money laundering is an increasingly important priority for regulators. As we’ve reported in the past, fines for anti-money laundering failures have been rising in recent years. This comes partly because regulators are looking at the issue more closely. They are uncovering deficiencies in operations across all businesses and issuing fines accordingly. Equally worrying is that many companies appear to be making the same mistakes which shows some are not learning the lessons from the past.

2.      Learn and improve

This is not the first time ING has struggled with issues around anti-money laundering. As regulators increase their focus on money laundering, ING’s businesses around the world have faced increased scrutiny both externally and internally.

In 2018, ING was ordered to pay €775million, the largest ever fine from Dutch prosecutors. Repeated offenses can exacerbate penalties from regulators, especially if companies have ignored warnings in the past or indeed, not learned the lesson.

3.      A challenging environment

ING is making progress. Their internal KYC project has been scrutinising their internal processes. In many cases they found provisions were adequate, but they have also uncovered a number of areas of concern. They say they are committed to improving their compliance. However, for a large company working across multiple territories, this can be easier said than done. This type of environment is the perfect example of where RegTech solutions can help. Manual workload is significantly reduced (in most cases, from man-hours down to man-seconds). This enables compliance functions to concentrate their efforts where they are needed most. Companies need to embed compliance and monitoring throughout the organisation, giving all relevant staff the tools required to maintain vigilance. They also need a comprehensive AML plan which reflects their actual business.

4.      Make an effort

Regulators want to see a commitment to making improvements. They want a certain level of transparency and a demonstration of what improvements companies have made. They are somewhat more forgiving of those companies that fail but that have made reasonable efforts to comply. Part of that effort comes from analysing data and learning from others. As we often show with our global regulatory platform, the ability to analyse trends and learn from other cases can be critical in understanding how the compliance environment is moving and learning from the mistakes of others.

5.      The future

Regulatory enforcement is likely to become more severe. In Europe, we will see the introduction of AMLD 6 later in the year, as the EU attempts to update its somewhat patchwork approach to money laundering. In the US, the implementation of the AML Act 2020 will have a major impact. Fines are expected to be higher, and enforcement measures tougher as regulators continue to crack down.

ING is just one of many companies that have found their existing measures are ill equipped to handle the evolving environment. They are having to make changes quickly, update systems, embrace new technology and review their approach. The landscape is advancing swiftly and firms will have to work hard to keep pace. AML threats have increased in recent years, and pandemic restrictions have done nothing to make compliance and monitoring easier. This, coupled with the growing focus from regulators, makes it difficult to maintain security across all operations in all territories.