It’s been a busy few years for regulatory authorities around the globe. In 2023, global non-compliance fines amounted to a staggering $ 6.6 billion. US regulators alone imposed fines crossing $5 billion, a year-on-year increase of almost 70%. The SEC also reported a 3% increase in enforcement actions with a record 784 filings. Suffice it to say, that regulatory action is increasing both in terms of the number of filings and fine amounts. What can risk management professionals learn from all this? Here’s a look at 6 recent expensive compliance failures with takeaways that can help FIs avoid the crosshairs of regulatory watchdogs.
6 Recent expensive non-compliance fines
Binance - November 2023
Fines imposed: $4.3 billion
Founded in 2017, Binance is the largest crypto trading platform in the world. It had been under investigation by the U.S. Justice Department for running an ineffective AML program and facilitating transactions from and between sanctioned groups. Recently, the company pled guilty to the charges and settled with the Justice Department to pay the $4.3 billion fine, the largest penalty ever issued by the US treasury department. The company’s CEO was also levied with a $50 million personal penalty.
Outcome: As part of the settlement, the company lost its CEO and must now work under a third-party monitor to ensure transparency and compliance. The staggering penalty is regarded as a warning shot fired by regulators to the crypto industry as a whole and could set a precedent for how other companies in this space operate.
XL Fleet Corp - September 2023
Fines imposed: $11 million
XL Fleet Corp, a manufacturer of hybrid electric powertrains was established in 2009. It aimed to transform conventional gasoline-driven trucks and vans into electric-powered ones by retrofitting them with the company’s batteries and motors. Shortly after its initial public offering in 2020, the company reached a valuation of $4 billion. The valuation was partly attributed to its reported $220 million business pipeline and projected revenue of $1.4 billion. Soon after, however, a report alleging that these numbers were grossly inflated was published, triggering an SEC investigation that confirmed the findings.
Outcome: XL Fleet’s stock prices declined and with that, its investors took a loss of 90%. Multiple lawsuits followed. Declining sales led to the company exiting the EV market in January 2023. It has now rebranded itself as Spruce Power Holding Corporation and offers solar energy solutions to its customers.
Credit Suisse - July 2023
Fines imposed: Nearly $400 million
The Credit Suisse saga is a clear reminder that risk and compliance management are non-negotiable, even for banking giants with millions of dollars at their disposal. The Swiss bank’s troubles started with the nearly back-to-back failures of Archegos, a US hedge fund, and Greensill Capital, a supply-chain financing company. The bank had invested heavily in these companies, despite several internal warnings not to do so. The twin crisis led to the loss of over $6 billion of investor money and a consequent loss of reputation and trust they never fully recovered from.
Outcome: Despite several attempts to increase liquidity and investor confidence, the embattled bank remained under financial and regulatory stress. In a historic buyout, the bank was finally purchased for £ 3.2 billion by the UBS group in March 2023. UBS must now pay the fines for Credit Suisse’s risk management failures.
Boeing 737 Max - September 2022
Fines imposed: $200 million
Following two fatal crashes of its 737 MAX aircraft in 2018 and 2019, Boeing faced scrutiny over its corporate governance practices, particularly regarding safety oversight and regulatory compliance. Then in January 2024, the airline came perilously close to another disaster when a door plug flew off mid-flight on yet another one of its aircraft. The incident triggered a DOJ investigation and an FAA (Federal Aviation Administration) audit that uncovered dozens of problems in the manufacturing process. The SEC also opened an investigation into the company and found that it misled investors about the plane’s safety standards.
Outcome: The crisis led to a suspension of 737 MAX production, significant financial losses, increased credit risk for Boeing's creditors, and several lawsuits. The company’s stock has also been on a decline. At present, it is down by around 30%.
Luckin Coffee - December 2020
Fines imposed: $180 million
Established in 2017, Luckin Coffee was hailed as the Chinese equivalent of Starbucks. The company soon attracted heavy VC investment and raised over $2.4 billion in 3 years. It also rapidly expanded with its stores in China soon outnumbering that of Starbucks China and debuted on the Nasdaq in 18 months. However, the meteoric growth came to a grinding halt with the publication of an anonymous report detailing fraudulent accounting practices at the company. After first denying the allegations vehemently, the startup later admitted that it had fabricated over $300 million in sales.
Outcome: Following the disclosure, the startup’s shares dropped by over 80%. It was forced to delist from the Nasdaq and filed for bankruptcy thereafter in February 2021, causing investors to lose billions of dollars. The company emerged from bankruptcy 8 months later with new management and better corporate governance structures in place.
Wirecard - April 2019
Fines imposed: €1.52 million
Wirecard, a German payment company, was founded in 1999. The company grew quickly to be listed on the Frankfurt Stock Exchange within 6 years of its inception. But the rising fintech star had a few skeletons in its closet. These came to light in 2020 when it was discovered that €1.9 billion in cash balances were missing from the company’s accounts. As it turned out, the company had forged client data and earnings to deceive investors and creditors.
Outcome: The company filed for insolvency in June 2020 causing its stock prices to drop by 99% and its creditors to take a € 4 billion hit. A criminal case against 3 key former company executives is still underway.
Lessons for risk management professionals
Financial reporting and evaluations aren’t enough
Financial analysis has and always will be the backbone of risk management. However, as we saw in several examples above, company financials can be fabricated. So, depending on them alone would be like putting all your risk management eggs in one basket. A safer way is to take a global-data-powered, risk-based approach that augments financial analysis with unstructured data analysis. Unstructured data often contains real-time risk-related information. They are leading indicators of risk that can predict future risks much before they show up on the bottom line of a financial statement.
This was the case with Wirecard. A research organization called Zatarra Research and Investigations published a critical report on the company in 2016, four years before its collapse. As we know, investors ignored these early warning signs until it was too late. Luckin Coffee and XL Fleet Corp have similar stories. Both had negative reports come out against them months before their demise. For more information, check out our blog on the importance of leading indicators.
Neither are auditing and rating systems
Risk and compliance professionals consider rating and auditing systems as a pivotal defense against fraud and malpractice. But here’s the reality – external audits uncover fraud only 4% of the time. That’s because audits usually look at a company’s financial statements or collect transaction samples to verify the material evidence presented to them. Both these methodologies do not capture the whole story, can be easily manipulated, and rely mainly on past performance to detect malpractices.
Hence, potential compliance issues can slip under the radar. It happened with Ernst & Young, one of the world’s largest accounting firms, when they failed to detect fraud at Wirecard. The company was later fined over $500,000 for this non-discovery. More recently KPMG and several credit rating agencies also came under fire for giving Silicon Valley Bank and Signature Bank the all-clear just before they collapsed.
Continuous, complete monitoring and automation are key
Present-day AML (Anti-Money Laundering) and CFT (Counter Financing of Terror) laws require that financial institutes monitor and report suspicious activity. Among other things, this necessitates that banks implement enhanced due diligence measures that will allow them to seek out as much information as possible on all their third-party relationships and customers, not just those deemed high-risk. In addition, FIs should also adopt a proactive stance to risk management by continuously assessing and updating their customer risk profiles to adapt to emerging risks and new regulations.
Advanced tech such as AI and Machine Learning can make life easier for risk and compliance teams by standardizing and automating these tasks. Such technology can also bring hidden red flags to the surface, something that Credit Suisse could have benefitted from. The Swiss bank either ignored or didn’t catch many red flags about Greensill Capital before it collapsed.
Conclusion
Whether done on purpose or by accident, compliance violations can be costly. The onus is on risk management teams to implement a proactive approach to meeting current and future regulatory demands. This involves the implementation of extra risk safeguards beyond just financial or audit supervision, continuous risk assessments that include real-time data, and having fully auditable, unbiased processes in place.
Check out how TRaiCE, our AI-augmented risk monitoring platform, can help you uncover risks early and stay compliant in the process. Schedule a demo for more details!
