AML Failures in Banks: What DNFBPs Should Learn
Introduction
Banks have long been at the forefront of Anti-Money Laundering (AML) regulation and enforcement. Over the years, global financial institutions have faced billions of dollars in fines due to compliance failures, weak controls, and governance lapses. While banks operate under strict regulatory oversight, their missteps offer valuable lessons for Designated Non-Financial Businesses and Professions (DNFBPs) — including auditors, accountants, gold and jewellery traders, real estate brokers, and corporate service providers — operating in the United Arab Emirates (UAE).
It examines notable AML failures in the banking sector, their root causes, and the key takeaways DNFBPs must apply to strengthen compliance under UAE AML laws and regulations.
________________________________________
1. Understanding AML Obligations – Banks vs DNFBPs
Both banks and DNFBPs fall under the UAE’s comprehensive AML framework governed by:
• Federal Decree-Law No. (20) of 2018 – on AML and Combating the Financing of Terrorism and Illegal Organisations.
• Cabinet Decision No. (10) of 2019 – Executive Regulations.
• Cabinet Decision No. (16) of 2021 – Administrative Fines for AML Non-Compliance.
While banks are supervised by the Central Bank of the UAE (CBUAE), DNFBPs — such as jewellers, auditors, and real estate firms — are supervised by the Ministry of Economy (MOE).
The key difference lies not in obligations, but in intensity: DNFBPs are expected to implement risk-based controls proportionate to their business size and exposure.
________________________________________
2. Major AML Failures in the Banking Sector
Case 1: Danske Bank – The Largest Money Laundering Scandal in Europe
• What Happened: Over €200 billion in suspicious transactions flowed through Danske Bank’s Estonian branch between 2007–2015.
• Failures:
o Poor due diligence on non-resident clients.
o Lack of monitoring for cross-border transactions.
o Ignored internal red flags raised by auditors.
• Lesson: AML risk assessments and customer due diligence (CDD) must be localized and continuously updated, not generic or centralized.
________________________________________
Case 2: HSBC – Weak AML Culture and Oversight
• What Happened: In 2012, HSBC paid USD 1.9 billion in penalties to U.S. regulators for failing to prevent money laundering by drug cartels and sanctioned entities.
• Failures:
o Ineffective global AML monitoring systems.
o Inconsistent due diligence across jurisdictions.
o Management prioritizing business over compliance.
• Lesson: Compliance culture must start from the top. Business growth should never compromise AML integrity. Boards and management must demonstrate visible commitment.
________________________________________
Case 3: Westpac Bank – Non-Reporting of Suspicious Transactions
• What Happened: Westpac was fined AUD 1.3 billion by AUSTRAC in 2020 for failing to report over 19 million international fund transfers.
• Failures:
o Ineffective transaction reporting systems.
o Delays in suspicious transaction alerts.
o Insufficient technology integration.
• Lesson: Reporting obligations are non-negotiable. DNFBPs in the UAE must file STRs (Suspicious Transaction Reports) and DPMSRs (Designated Precious Metal and Stones Reports) promptly through the goAML platform.
________________________________________
Case 4: Standard Chartered Bank – Poor Sanctions Screening
• What Happened: Fined USD 1.1 billion by U.S. and UK regulators in 2019 for breaching sanctions against Iran and other restricted countries.
• Failures:
o Outdated screening software.
o Lack of periodic review of sanctions lists.
o Poor understanding of cross-border exposure.
• Lesson: Regular sanctions screening against UN, OFAC, EU, and UAE lists is essential for all DNFBPs, especially those engaged in international trade or cross-border clients.
________________________________________
3. Key Root Causes Behind AML Failures in Banks
1. Weak Risk Culture: Treating AML as a compliance formality rather than an organizational priority.
2. Inadequate Risk Assessments: Failing to evaluate inherent risks linked to customers, geography, and products.
3. Fragmented Technology: Disconnected systems leading to gaps in monitoring and reporting.
4. Poor Training and Awareness: Staff unable to identify suspicious patterns or red flags.
5. Lack of Management Accountability: Senior leadership uninvolved in compliance oversight.
Each of these root causes has direct relevance for DNFBPs operating in the UAE, where AML frameworks are still evolving but enforcement is increasing rapidly.
________________________________________
4. Lessons DNFBPs Can Learn from Banking AML Failures
Lesson 1: Develop a Comprehensive AML Risk Assessment
Every DNFBP must conduct a formal, documented AML risk assessment covering:
• Customer risk,
• Product/service risk,
• Geographic risk, and
• Delivery channel risk.
This assessment must be updated annually or upon significant operational changes.
Generic templates are not sufficient — regulators expect assessments tailored to each business model.
________________________________________
Lesson 2: Implement Strong Customer Due Diligence (CDD)
Before entering a business relationship, DNFBPs must:
• Verify customer identity and beneficial ownership.
• Identify Politically Exposed Persons (PEPs).
• Determine the source of funds and wealth for high-value transactions.
Enhanced Due Diligence (EDD) must be applied to foreign clients and high-risk sectors.
________________________________________
Lesson 3: Strengthen AML Governance
DNFBPs should appoint a qualified Compliance Officer/MLRO responsible for:
• Reviewing risk assessments.
• Overseeing goAML reporting.
• Coordinating AML training and audits.
• Reporting directly to senior management.
Regulators expect visible governance and board-level engagement in AML decision-making.
________________________________________
Lesson 4: Embrace Technology for Monitoring and Reporting
Just as banks rely on transaction monitoring systems, DNFBPs must adopt simplified RegTech solutions that enable:
• Real-time sanctions screening.
• Digital CDD verification.
• Automated risk scoring and red-flag alerts.
Technology reduces errors and strengthens compliance efficiency.
________________________________________
Lesson 5: Create a Culture of Compliance
Culture drives conduct. DNFBPs must instill AML responsibility across every level — from sales teams to accountants.
Regular training programs, internal audits, and management reviews are essential for maintaining regulatory readiness.
________________________________________
5. The UAE’s Enforcement Focus on DNFBPs
The Ministry of Economy (MOE) has made AML supervision of DNFBPs a top national priority.
Since 2022, the MOE has:
• Conducted thousands of inspections across gold, real estate, and accounting sectors.
• Issued millions of dirhams in penalties for non-compliance.
• Referred repeat offenders for public prosecution.
Common violations include:
• Failure to register on goAML.
• Lack of AML policies or MLRO.
• Missing CDD documentation.
• Failure to file STR/DPMSR reports.
The message is clear — compliance negligence will not be tolerated.
________________________________________
6. Building a Bank-Grade AML Framework for DNFBPs
To align with best practices:
1. Risk Assessment: Identify and classify risks across all operations.
2. Policies and Procedures: Develop comprehensive AML manuals covering CDD, EDD, record-keeping, and reporting.
3. goAML Compliance: Register and maintain an active profile.
4. Training: Conduct annual AML training for all employees.
5. Independent Review: Perform AML audits periodically to evaluate control effectiveness.
These steps ensure alignment with both UAE regulations and FATF recommendations.
________________________________________
Conclusion
Banks’ AML failures offer DNFBPs a clear roadmap of what not to do. The recurring theme in every scandal — from Danske Bank to HSBC — is weak governance, poor risk assessment, and lack of accountability.
For UAE DNFBPs, this is a call to action:
Treat AML as a strategic priority, not an administrative task.
By implementing risk-based frameworks, embracing technology, and fostering compliance culture, businesses can protect themselves from fines, reputational harm, and regulatory scrutiny — while contributing to the UAE’s goal of becoming a global model for financial integrity.
________________________________________
About Sheikh Anwar Accounting & Auditing LLC
Sheikh Anwar Accounting & Auditing LLC (MOE Entry No. 5817) is a Ministry of Economy–licensed audit and compliance firm specializing in AML/CFT audits, goAML registration, risk assessments, and AML training programs across the UAE.
We help DNFBPs build strong AML frameworks aligned with UAE regulations and FATF standards, ensuring they remain regulator-ready at all times.
📍 Office: Dubai Creek Tower, M-35, Dubai, UAE
📞 Phone: +971 4 000 0000
📧 Email: info@sa-auditors.com
🌐 Website: www.sa-auditors.com
Popular Blogs
