top of page

Lessons learned from AML penalties issued in 2023

This article appears as the "Discussion of the month" topic in AML News and Updates Newsletter - January 2024 edition which can be found here 

2023 was a year marked by a series of hefty financial penalties imposed on regulated entities across various industries.

These penalties, ranging from millions to billions of dollars, served as reminders of the consequences of failing to comply with regulatory requirements and prioritizing compliance.

A judge issues an AML penalty

Noteworthy penalties issued in 2023

Lets examine the top five financial penalties of 2023, exploring the reasons behind these enforcement actions and the key lessons that we can learn to prevent similar mistakes in the future.

  • Binance

Penalty: more than $4 billion as per U.S. Department of Justice’s announcement for:

👉  Money laundering

👉  Violation of sanctions

👉  Unlicensed money transmitting

👉  Failure to maintain an AML program

👉 Non-reporting of thousands of suspicious transaction reports.

Lessons learned:

Crypto entities should ensure that they understand and comply with all applicable regulations, including anti-money laundering (AML) regulations.

More specifically they should among others:

✅ Implement a comprehensive AML program

✅ Perform adequate risk assessments to understand their risk exposure

✅ Establish effective transaction monitoring procedures

✅ Identify red flags and report suspicious activity.

  • Crown Resorts

Penalty: $450 million by AUSTRAC for:

👉  Failure to perform risk management for money laundering and terrorist financing

👉 Failure of oversight of AML/CFT program.

👉  Failure to establish a risk-based transaction monitoring program.

👉  Failure of implementing enhanced due diligence on high risk customers (EDD).

Lessons learned:

Casinos and gambling entities are facing increased scrutiny from regulators. As a first step, they need to understand AML requirements and establish effective AML and counter-terrorism financing (CFT) programs in place.

More specifically they should among others:

✅ Establish robust AML and CFT programs tailored to their specific risk profiles.

✅ Implement effective oversight of their AML/CFT programs.

✅ Employ a transaction monitoring system.

✅ Implement enhanced scrutiny on high risk customers

  • Deutsche Bank

Penalty: $186 million by the U.S. Federal Reserve Board for:

👉 Deficient anti-money laundering internal controls and governance processes

👉 Insufficient remedial progress under the 2015 and 2017 OFAC and AML consent orders related to the Estonian branch of Danske Bank.

Lessons learned:

Financial institutions should implement risk-based diligence when offering correspondent services and ensure that the correspondent accounts are not misused by the respondent bank’s customers. Additionally, take immediate measures, especially when weaknesses are identified by regulators.

More specifically, when offering correspondent services they should among others:

✅ Assess the AML program of the respondent institution.

✅ Conduct transaction monitoring on the correspondent accounts to identify suspicious transactions.

✅ Implement random checks on the respondent institutions due diligence measures.

✅ React immediately to regulators’ orders.

  • William Hill: £19.2 million By the UK Gambling Commission

Three gambling businesses owned by William Hill Group will pay a total of £19.2 million for social responsibility and anti-money laundering failures as follows:

👉  Customers were able to deposit and lose large sums of money without adequate scrutiny.

👉 Customers were able to place large bets without being scrutinized or monitored.

👉  Policies and procedures did not provide clear instructions on how to act on the  results of customer profiling.

👉  Procedures and controls did not prevent customers from spending more money before risk profiling was completed.

👉 Training for AML staff did not provide enough information on risks and how to manage them.

Lessons learned:

Gambling companies must take social responsibility and AML compliance seriously.

More specifically they should among others:

✅ Implement scrutiny on customers who deposit and lose large sums of money.

✅ Establish clear policies and procedures to take action based on the results of customer profiling.

✅ Implement mechanisms to prevent customers from transacting before risk profiling is completed.

✅ Ensure AML staff receive comprehensive training on risk identification and management.

  • Guaranty Trust Bank (UK) Limited

Penalty: £7,671,800 by the Financial Conduct Authority (FCA)

The FCA imposed the penalty for weaknesses in the bank’s AML systems and controls between October 2014 and 2019. The weaknesses include:

👉  Failure to undertake adequate customer risk assessment.

👉 Not assessing or documenting the money laundering risks posed by its customers.

👉  Failure to monitor customer transactions and business relationships.

Lessons learned:

Regulated financial institutions must implement robust and comprehensive AML systems and controls.

More specifically they should among others:

✅ Undertake thorough customer risk assessments

✅ Identify and prioritize high-risk customers.

✅ Document the money laundering risks posed by each customer to ensure consistent and effective risk management.

✅ Continuously monitor customer transactions and business relationships to detect any suspicious activities or patterns.


A close look at these fines reveals common themes that emphasize the importance of understanding risk, prioritizing compliance, and continuously improving within regulated organizations.

Let’s learn from these enforcement actions to enhance the risk management practices of entities, strengthen their compliance programs, and foster a culture of responsible conduct.

Hope all regulated entities take the lessons and act today!


bottom of page