Global Enforcement Fines Surge to $5.65 Billion in Q3 2023, Marking a 30% Year-to-Date Increase

Corlytics, a leading provider of regulatory risk intelligence and compliance management solutions, has released its Q3 2023 global enforcement fines report, revealing a significant surge in fines to $5.65 billion. This marks a robust 30% increase compared to the cumulative penalties in the previous two quarters ($1.5 billion and $2.27 billion, respectively).

In Q3, the majority of fines originated from US regulators, constituting over 85% of the total global fines. This brings the total global enforcement fines for 2023 to $5.65 billion. Notably, DWS Investment Management Americas, a Deutsche Bank subsidiary, faced substantial penalties of $25 million from the US Securities and Exchange Commission (SEC) for deficiencies in its Anti-Money Laundering (AML) program and misleading Environmental, Social, and Governance (ESG) claims. The SEC enforcement action has been resolved through a settlement.

Evgeny Likhoded, President at Corlytics, highlighted the challenges firms face in regulatory monitoring and compliance program effectiveness. Likhoded emphasized the need for technology to strengthen regulatory compliance and change management, envisioning a future where smart regulations are embedded into internal compliance programs, fostering a culture of compliance within organizations.

Global Regulatory Focus and UBS's Landmark Settlement

A notable recipient of fines from US regulators was UBS Group, subject to penalties from the US Department of Justice (DoJ) and the Federal Reserve Board (Fed). UBS agreed to pay $1.44 billion to settle a civil action related to misconduct in the underwriting and issuance of residential mortgage-backed securities (RMBS) dating back to 2006 and 2007. Additionally, the Fed imposed a $0.27 billion fine on UBS Group AG for misconduct by Credit Suisse, acquired by UBS in June 2023.

The SEC's continued focus on off-channel communications, such as WhatsApp, resulted in penalties issued in August and September. Regulated entities were directed to review their policies and procedures for retaining electronic communications, indicating an anticipated increase in regulatory scrutiny in this area.

Risk management deficiencies drew regulatory attention, exemplified by the UK Prudential Regulatory Authority (PRA) imposing a record fine of £87 million on Credit Suisse in July. This fine, related to risk management and governance failures linked to exposure to Archegos Capital Management, marked the first instance of the PRA establishing breaches of four PRA Fundamental Rules. This global enforcement action resulted in combined penalties of $387.5 million imposed by regulatory authorities in the UK, Switzerland (FINMA), and the US.

Data protection emerged as a significant area, with high-profile data breaches and fines for GDPR violations. The Irish Data Protection Commission (DPC) imposed a groundbreaking fine of over €1.2 billion on Meta in Q2 2023. This trend underscores the growing importance of compliance with data protection legislation, prompting regulatory bodies in Europe and the US to enact and enforce stringent data privacy regulations.

Financial crime and corporate governance remain the leading categories for enforcement activity, with fines for fraud, money laundering, and terrorist financing on the rise. Regulators emphasize the necessity of robust Anti-Money Laundering (AML) systems and controls to address the escalating threat and sophistication of money laundering.

In the UK, a broker affiliate of Archer Daniels Midland faced a £6.5 million fine from the Financial Conduct Authority (FCA) for failing to timely address deficiencies in AML systems and controls.

Failures in culture, conduct, and ethics have also attracted fines, with the US Consumer Protection Financial Bureau (CFPB) imposing a $140 million fine on Bank of America in Q3 for violations of conduct of business rules. The Office of the Comptroller of the Currency (OCC) additionally fined Bank of America, N.A. $60 million for violations related to the practice of assessing multiple overdraft and insufficient funds fees against customers for a single transaction.

While conduct may not be at the top of the enforcement table, regulatory authorities have increasingly shifted their focus to conduct and ethics in recent years. Regulators are developing tools and frameworks to assess and improve conduct and ethics, responding to a rising demand for consumer protection and rights. This trend, coupled with a heightened emphasis on internal ethics and behavior, reflects a broader industry acknowledgment of the impact of these factors on consumer services.

The GRC Report is the first word in governance, risk, and compliance news. As your trusted source for comprehensive coverage, the GRC Report keeps you informed and equipped to navigate the evolving landscape of governance, risk, and compliance. And remember, the GRC Report isn't just a news source; it's a community of professionals who share your passion for GRC excellence. Don't miss out on our insightful articles and breaking news – join the conversation and empower your GRC journey.