Some regulatory stats and insights from Corlytics;
Corlytics, one of the market leaders in regulatory risk intelligence and regulatory compliance management, has released a global enforcement fines report for the third quarter of 2023. The enforcement activities have shown a clear increase in the fine amounts imposed ($5.65 billion) as compared to the first 2 quarters of this year ($1.5 billion and $ 2.27 billion respectively).
Fines imposed by the US regulators comprised the bulk of the fines issued in Q3 and accounted for over 85% of the total fines globally, bringing the total global amount for 2023 to $5.65 billion. For example, just recently DWS Investment Management Americas, a subsidiary of Deutsche Bank, faced hefty penalties of $25 million from the US Securities and Exchange Commission (SEC) for lacking an AML program and making misleading ESG claims. The firm has settled the SEC enforcement action.
The top amounts of fines from US regulators were faced by UBS Group issued by the US Department of Justice (DoJ) and the Federal Reserve Board (Fed). Fifteen years after the 2008 financial crisis, UBS agreed to pay $1.44 billion in penalties to settle a civil action alleging misconduct in relation to its underwriting and issuance of residential mortgage-backed securities (RMBS) issued in 2006 and 2007. This was the last case brought by the Justice Department RMBS Working Group which was set up to investigate fraud and abuse in the RMBS market leading up to the 2008 financial crisis. The Fed announced a consent order and another $0.27 billion fine with UBS Group AG, for misconduct by Credit Suisse, which UBS acquired in June 2023.
ABOUT THOSE WHATSAPP MESSAGES DOMINIC…
The SEC has continued to focus on the use of off-channel communications, such as WhatsApp, used by employees of regulated entities. Rounds of penalties were issued in August and September, along with a requirement for those firms to review their policies and procedures for retaining electronic communications. Further regulatory scrutiny is expected and firms should be taking steps to review their policies and employee compliance frameworks.
Risk management deficiencies have also been an area of regulatory focus. In July, the UK Prudential Regulatory Authority (PRA) imposed a record fine of £87 million on Credit Suisse for risk management and governance failures in connection with its exposure to Archegos Capital Management. It was also the first time that the PRA established breaches of four PRA Fundamental Rules. The PRA fine formed part of a global enforcement action, with action also taken by the Swiss Financial Market Supervisory Authority (FINMA) and the Fed and combined penalties of $387.5 million being imposed in the UK and USA.
“Counterparty risk management remains firmly on the regulators’ agenda: in October this year, the Bank of England issued a letter to bank CROs stating that it was disappointed that messages communicated following the Archegos default have not been fully addressed. We are also continuing to see the highest fines in Europe being imposed for breaches of GDPR with the DPC in Ireland fining TikTok €345 million in relation to its processing of children’s personal data,” Susie MacKenzie, Head of Legal & Regulatory Analytics at Corlytics, comments.
Data protection is another emerging significant area with high-profile data breaches such as the historic groundbreaking Q2 2023 GDPR fine surpassing €1.2 billion to Meta from the Irish Data Protection Commission (DPC) influencing the ongoing trend. Companies should be acting to ensure compliance with data protection legislation leading to growing demands for stronger data protection measures. Regulatory bodies in Europe and the US are responding by enacting and enforcing data privacy regulations.
Financial crime and corporate governance continue to be the two categories where most enforcement activity took place, with fines for fraud, money laundering and terrorist financing going up and topping the list of enforcement action in this category. Regulators highlight the importance of having adequate anti-money laundering (AML) systems and controls in place to be able to address the growing threat and sophistication of money laundering.
“In regulatory monitoring, teams spend 75% of their time reading irrelevant regulatory updates, that is 75% of the time that could be spent on value-add tasks. On the other side, creating an effective compliance program is challenging due to the complexity of the regulatory environment and the use of outdated tools or even the lack of tools at all. Enforcement actions highlight that firms are still struggling with those challenges and it is vital to use technology to strengthen regulatory compliance and change management. We see a future where smart regulations can be embedded into internal compliance programs fostering the culture of compliance being embedded into the organisation,” Evgeny Likhoded, President at Corlytics, added.
Corlytics’ forensic analysis of regulatory data is provided by a team of experts to meet today’s requirement to track regulatory activity across the globe. The company provides quarterly updates of global enforcement analytics and this data is charted by amount, by year, by jurisdiction, by regulatory category, by control failings. Get in touch with us if you would like to see the enforcement reports for 2022 or for Q1 and Q2 of 2023 via firstname.lastname@example.org