Key learnings from 2024’s biggest financial crime fines

by James Dodsworth, senior manager, and Eva Koreskova, senior associate - Thistle Initiatives Financial Crime Team

2024 brought significant regulatory action, highlighting persistent weaknesses in financial crime controls across the industry. As we enter 2025, we look back at five significant cases from 2024 and the lessons they provide for organisations aiming to strengthen their financial crime frameworks.

Common themes

Analysis of these regulatory fines highlights four persistent weaknesses that continue to challenge the industry:

  1. Inadequate governance, accountability and culture: Ineffective governance and fragmented leadership often resulted in unaddressed vulnerabilities. The lack of clear ownership in key compliance areas, such as transaction monitoring and risk remediation, led to delays in resolving issues. This situation was exacerbated by a culture that prioritised business objectives over compliance and did not empower compliance teams.
  2. Outdated or ineffective transaction monitoring systems: Institutions relied on outdated or poorly configured transaction monitoring systems that did not keep up with evolving risks. These systems failed to identify unusual patterns or start monitoring transactions as soon as accounts were opened.
  3. Sanctions screening failures: Misconfigured screening systems with incorrectly defined parameters led to compliance gaps. The failure to implement sufficient control mechanisms, such as routine testing, assurance processes, and timely updates to screening lists, allowed these gaps to remain unchecked for extended periods.
  4. Inadequate risk management and due diligence: Institutions faced challenges in ensuring effective customer risk profiling and due diligence, particularly for high-risk clients and correspondent banking relationships. Outdated risk assessments, limited awareness of emerging risks, and failure to adjust processes during operational changes, like customer migrations, left gaps that allowed high-risk transactions to bypass scrutiny.
  5. Insufficient investment in compliance: Organisations failed to allocate adequate resources to AML frameworks, teams, and operational improvements. This lack of investment resulted in outdated systems, backlogs in reviewing suspicious activities, and delays in addressing identified risks. Focusing on expansion rather than compliance has increased vulnerabilities in rapidly growing sectors such as cryptocurrency.

July 2024: CB Payments Limited (Coinbase UK)—£3.5 Million—AML

CB Payments Limited (CBPL), a global crypto-asset trading platform, faced significant regulatory scrutiny due to weaknesses in its financial crime control framework. Following the Financial Conduct Authority’s (FCA) 2020 visit, the FCA imposed a Voluntary Requirement (VREQ) to restrict new high-risk customer onboarding while CBPL remediated its controls. Despite these measures, CBPL breached the VREQ by onboarding and serving 13,416 high-risk customers who deposited $24.9 million in prohibited transactions. This failure occurred due to predominantly operational and technical shortcomings.

Key issues identified:

  • Incomplete engineer instructions: The engineers responsible for implementing the automated onboarding process that was meant to ensure compliance with the VREQ were not provided with the finalised version of the VREQ terms. As a result, the automated risk assessment used outdated criteria and failed to flag high-risk customers during onboarding.
  • Inadequate pre-implementation testing: The VREQ flag’s effectiveness was not thoroughly tested across all systems. Critical products like Coinbase Pro and Coinbase Cards were excluded, enabling 8,183 high-risk customers to bypass restrictions.
  • Delayed compliance monitoring: CBPL failed to establish a formal monitoring framework for over two years, allowing breaches to continue undetected and increasing regulatory risk.
  • Failure to adjust for migration scenarios: High-risk customers migrating from other Coinbase Group entities were not flagged against pre-set criteria to prohibit onboarding, resulting in prohibited transactions continuing through loopholes.

Lessons learned:

  • Clear and consistent communication with engineering teams, including providing complete and finalised implementation requirements, is essential to avoid errors such as misconfigured processes.
  • Thorough pre-implementation testing must cover all systems, products, scenarios, and client onboarding channels to ensure controls function effectively and prevent high-risk gaps, such as bypassing restrictions.
  • A monitoring framework must be implemented without delay and include structured assurance processes, documented procedures, and regular reviews to identify breaches early and mitigate regulatory risks.
  • Control frameworks must be reviewed in light of operational changes, such as customer migrations, to ensure risk assessment thresholds and compliance requirements are consistently applied, preventing high-risk customers from bypassing controls.

August 2024: Nordea Bank—$35 Million—AML

The New York State Department of Financial Services (NYDFS) fined Nordea Bank $35 million for AML compliance failures, including inadequate due diligence on high-risk correspondent banking relationships, insufficient transaction monitoring systems, and its role in facilitating offshore accounts and suspicious transactions linked to money laundering schemes exposed by the Panama Papers.

Key issues included:

  • Deficient AML controls: Nordea’s Baltic branches allowed transactions linked to the Russian and Azerbaijani Laundromats to flow through without proper scrutiny. The lack of proactive escalation protocols and detailed customer risk profiling amplified these deficiencies, creating gaps in AML defences.
  • Inadequate transaction monitoring systems: The bank relied on outdated and poorly calibrated monitoring systems. Specific failures included an inability to flag unusual patterns in cross-border transactions, inadequate thresholds for identifying high-risk activities, and insufficient integration with customer risk profiles. Internal assessments categorised Nordea’s overall AML risk as “critical,” yet systemic upgrades were not prioritised.
  • Systemic oversight failure: High-risk correspondent banks were onboarded without thorough due diligence, including insufficient assessments of their AML frameworks, transaction patterns, and exposure to high-risk jurisdictions. Additionally, the absence of centralised governance meant compliance responsibilities were fragmented, leading to inconsistent application of AML standards across branches.

Lessons learned:

  • Empowered compliance teams must implement robust escalation protocols and maintain updated customer risk assessments tailored to regional and operational risks. Regular updates based on transaction behaviours and emerging threats are essential to identifying and addressing high-risk activities effectively in real time.
  • Transaction monitoring systems must incorporate adaptive thresholds, cross-border transaction typologies, and real-time integration with customer risk profiles to detect high-risk activities effectively. Regular enhancements informed by emerging risks and internal feedback are critical to address systemic vulnerabilities.
  • Centralised governance frameworks must ensure the unified application of AML standards across branches by incorporating detailed correspondent bank assessments, jurisdictional risk analysis, and clear accountability structures to mitigate fragmented compliance responsibilities.

October 2024: TD Bank—$3 Billion—AML

TD Bank was fined $3 billion, including a $1.3 billion penalty from the Financial Crimes Enforcement Network (FinCEN) and a $1.8 billion settlement with the U.S. Department of Justice. The fines were imposed for failing to detect and report suspicious activities, particularly involving high-risk customers. Key deficiencies included weak transaction monitoring, poor customer due diligence, and systemic lapses in compliance with anti-money laundering regulations.

Key issues included:

  • Deficient transaction monitoring and reporting: TD Bank failed to monitor significant transaction types, such as Automated Clearing House (ACH) transfers and peer-to-peer (P2P) platforms like Venmo. This failure stemmed from outdated transaction monitoring systems that lacked tailored scenarios and transaction codes, and from management's failure to invest in upgrades. As a result, suspicious patterns, including low-value, high-frequency transactions associated with human trafficking, went unnoticed, depriving law enforcement of crucial intelligence.
  • SAR and high-risk client backlogs: TD Bank faced delays in reviewing suspicious activity and closing high-risk accounts. These backlogs resulted from understaffing and resource allocation failures, with management underinvesting in AML staffing and tools despite escalating risks. This prolonged inaction left flagged accounts operational for months, enabling billions of dollars in transactions linked to money laundering and other financial crimes.
  • Insider risks: In 2021, a TD Bank employee facilitated the laundering of narcotics proceeds, opening accounts for shell companies that engaged in funnel account activity worth millions in high-risk jurisdictions. Despite the bank’s awareness of these risks, it failed to implement appropriate controls.

Lessons learned:

  • Deficiencies in transaction monitoring should be addressed by implementing and regularly testing tailored systems designed to identify high-risk transactions. The focus should be on addressing gaps in Automated Clearing House (ACH) and peer-to-peer (P2P) platforms using adequate transaction codes and scenarios.
  • SAR and high-risk client backlogs should be resolved by ensuring sufficient staffing, resources, and streamlined processes to review and report suspicious activities within regulatory timelines.
  • Insider risks should be mitigated by fostering strong governance, clear accountability, and timely disciplinary actions.

November: Metro Bank—£16.6 Million—AML

The Financial Conduct Authority fined Metro Bank £16.7 million for serious deficiencies in its anti-money laundering controls. Between June 2016 and December 2020, Metro Bank inadequately monitored over 60 million transactions, exposing the institution to significant financial crime risks. These shortcomings arose from flaws in their transaction monitoring framework, heightened by delayed remediation efforts despite early warnings from staff.

Key issues identified:

  • Transaction monitoring gaps: Metro Bank’s automated system failed to monitor transactions from the day an account was opened until the account record was fully processed. Over 60 million transactions, totalling £51 billion, went unmonitored over 4-5 years. The issue arose because the monitoring system required complete account data to be recorded and validated before activating monitoring. This delay left a significant gap where transactions bypassed scrutiny, exposing the bank to financial crime risks.
  • Delayed action on known errors: Junior staff raised concerns about these monitoring gaps as early as 2017 and 2018, but leadership failed to act swiftly. While a partial fix was introduced in July 2019, it was inconsistently applied, leaving coverage gaps until December 2020.
  • Inadequate governance and oversight: The lack of oversight allowed major flaws to persist unaddressed. Despite its scale and potential impact, senior management failed to prioritise resolving the issue. There was no clear accountability or effective governance to address these vulnerabilities promptly.

Lessons learned:

  • Transaction monitoring systems must activate upon account creation or prevent transactions until all required data is provided, ensuring accuracy to flag suspicious activity effectively.
  • Comprehensive testing of data feeds and system configurations is essential to address potential vulnerabilities.
  • Leadership must promptly act on flagged risks and establish clear accountability for compliance with financial crime regulations.

At Thistle Initiatives, we provide tailored, actionable solutions to address your firm’s specific challenges in the financial crime landscape. Our expertise ensures that your business remains compliant, resilient, and well-positioned for growth.

How we can support your firm

Audits and assurance

  • Conduct comprehensive health checks and audits to evaluate your financial crime frameworks and proactively identify gaps.
  • Provide specialised assurance and systems testing to ensure your processes and technology align with regulatory standards and risk environment.
  • Offer support for regulatory enforcement and remediation services to help your firm navigate and recover from enforcement actions.

Advisory services

  • Assist in building a robust financial crime control framework and in developing and refining policies, procedures, and risk assessments.
  • Guide operational enhancements and implement technologies to streamline compliance processes.
  • Deliver targeted training and ongoing advisory support through our MLRO hotline, ensuring that your team remains informed and proactive.

People and outsourcing

  • Supply flexible financial crime resources to address backlogs, remediation projects, or onboarding tasks.
  • Provide outsourced onboarding support to maintain high standards in customer due diligence and anti-money laundering controls.

For enquiries, please contact us at 0207 436 0630 or via email at [email protected].

Article by Thistle Initiatives
