New US financial crimes rules intensify risks for non-US banks
Significant revisions to US anti money-laundering (AML) rules intensify financial crime risks for non-US banks by increasing the scope of potential investigations by the US government and raising financial penalties, according to Fitch Ratings.
Any weaknesses in governance could be ratings relevant but increased enforcement raises the potential for sanctions and fines that can have more meaningful consequences for ratings. Lower tolerance of governance failures from a wide range of stakeholders reinforces Fitch’s view that governance and financial crimes risks, along with associated penalties and indirect business costs, are becoming more punitive for banks globally.
The National Defense Authorization Act of 2021 (NDAA) grants the Dept. of Justice (DoJ) and the U.S. Treasury significant new powers to subpoena non-US bank customer records stored outside the US if the non-US bank maintains a US correspondence account.
The requests may cover any account, regardless of the US correspondent account’s involvement. Consequently, non-US banks may see increased use subpoenas relating to AML, sanctions, foreign corrupt practices, trafficking and tax evasion offences.
The NDAA expands the extraterritorial nexus of the US financial crime investigative authority by barring subpoena quashes solely due to conflicts with foreign confidentiality and privacy laws. In addition to forcing US banks to terminate correspondent banking relationships if the non-US bank fails to comply with a subpoena, civil penalties of up to USD50,000/day can also apply to the non-US bank, with additional penalties beyond 60 days.
Increased penalties for Bank Secrecy Act and AML violations include three times the profit gained or loss avoided or two times the maximum penalty for the violation. Indirect remediation costs are often multiples of the initial fines due to increased compliance and other business costs. Although fines may not in and of themselves result in direct credit rating actions, they can trigger reputational damage and signal failings with a bank’s governance and risk management frameworks.
Fitch Ratings, public authorities, consumers and ESG-aware investors are also increasingly conscious of the social impact of the institutions they do business with and are less tolerant of transgressions that can lead to ratings actions.
Fitch revised the Rating Outlook of Commonwealth Bank of Australia (CBA) to Negative in May 2018 due to domestic AML issues via ATM deposits, with an ESG score of 4 later observed for customer welfare risks, and an ESG score of 5 for governance structure.
Fitch downgraded Wells Fargo’s IDR to A+/Stable in October 2017 due to diminished earnings profile and risk governance and control issues, latterly observing an ESG score of 4 for the same. And the agency revised the Rating Outlook of Danske Bank (A) to Negative in September 2018, reflecting deficiencies of the bank’s anti-money laundering controls, in particular in its Estonian non-resident portfolio.
The NDAA amendments signal the US’s intention to maintain a muscular approach to extraterritorial financial crime enforcement and rule setting, with North American banks facing steep fines for governance failings. Other countries are expanding efforts by focusing on cross-border coordination.
Eight Nordic-Baltic countries (Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Norway and Sweden) are analysing regional money laundering and terrorist financing threats and vulnerabilities given the interconnectedness of financial systems and cross-border banking networks.
The Financial Action Task-Force recently issued a warning regarding new opportunities for crimes and money-laundering associated with the coronavirus crisis via exploitation of economic support schemes and medical supplies.
Enforcement of governance and financial crime risks could particularly become more relevant for smaller commercial banks with a larger proportion of non-resident clients, and larger banks within countries subject to US sanctions.
Non-US banks that already have US legal entities with structures and processes in place to meet the already-strict domestic AML requirements will be better prepared than foreign banks with only US correspondent banking relationships.