8 AML Penalties, Fines, and Sanctions + Examples You Should Avoid

January 5, 2023

Throughout the world and within the United States, money laundering is the most common form of financial crime.

The criminal liability for an alleged money laundering activity can vary greatly depending on the nature of the activity, and it is possible for individuals, companies, and other institutions in the case of severe money laundering activities to face jail time if the activities are presumed to be malicious and deliberate.

Violating specific regulations can still be a serious offense, even if there is no malicious intent involved. Money laundering is a very grave issue that the Federal Government and other financial regulators take very seriously, along with funding terrorism and financial fraud.

Money laundering has become one of the most pressing global crimes today, and this section discusses how your organization can remain in good standing with international organizations, including:

Let’s begin with the basics of what the sanctions, fines, and penalties are in anti-money laundering.

New call-to-action

What are Sanctions, Fines, and Penalties in AML?

Financial organizations that are in violation of AML regulations are subject to civil and criminal penalties, ranging from simple fines to jail time. In extreme cases, financial service organizations, countries, and individuals can be sanctioned, which essentially bars FIs from doing business with them.

Organizations are required to monitor sanctions lists and can be fined and penalized for conducting business with countries or businesses that have been sanctioned.

Ultimately, fines, penalties, and sanctions are designed to ensure the ethical and legal standards of the financial industry are upheld. They hold individuals, financial institutions, and countries accountable and protect consumers within the financial services industry.

Regulatory measures against money laundering are aimed at preventing businesses, institutions, and even countries from committing money laundering and terrorist financing. There are global and local regulatory bodies established to prevent money laundering, and each country has different AML penalties and fines. 

The anti-money laundering fines for non-compliance are quite harsh, including but not limited to a monetary fine, loss of credit rating or damaged reputation, temporary or permanent closure of business, and other legal consequences.

With ever-changing AML trends and increasing regulatory crackdowns that follow, it’s essential for FIs to keep pace with AML compliance regulations to avoid legal consequences. In a later chapter, we explore how FIs can build a compliance program that stays compliant—and avoids hefty fines and penalties for violations.

AML Fines, Penalties, and Sanctions to Watch Out For

Governments establish AML compliance regulations that individuals and entities under their jurisdiction must follow. They also carry out regulatory oversight and practical enforcement actions when necessary.

Breaches or violations of these AML regulations can have severe legal, monetary, and reputational consequences for the organizations involved, including punitive fines, criminal proceedings, or sanctioning. 

Sanctioned individuals and entities are placed on blacklists or greylists, marking them as high-risk entities. It’s the responsibility of FIs to ensure they are protecting against sanctioned individuals and entities on their platform.

Given the significance of compliance with the AML sanctions regime, FIs must understand their compliance obligations and the sanctions applicable to their business jurisdiction. Compliance with these obligations is necessary to avoid AML fines and penalties.

Anti-money laundering sanctions violations are a serious threat to national security and foreign relations, and to avoid repercussions, governments impose monetary AML fines and penalties on criminal offenders.

To help you ensure you aren’t exposed to any anti-money laundering fines and penalties, we cover the main acts to understand and adhere to.

1. Bank Secrecy Act

Jurisdiction: United States

The Bank Secrecy Act (BSA) of 1970 is the most significant U.S. law in fighting and preventing money laundering in the United States, and applies to all U.S. financial institutions. The BSA establishes and imposes compliance obligations on FIs within the US, including the provision of documentation (such as currency transaction reports and suspicious transaction reports) to regulators, and implementing a risk-based AML compliance program.

Pursuant to the BSA, AML penalties may be imposed against a financial institution, business, or any of its partners, directors, officers, or employees. Anti-money laundering penalties vary based on the type of breach or violation and the enforcement authority investigating the case.

BSA-related AML criminal penalties include a fine of no more than $250,000, imprisonment for no more than five years, or both. However, if the violation is part of a pattern of any illegal activity involving more than $100,000 in a twelve-month period and involves the violation of another US criminal law, the fine can be up to $500,000, imprisonment for up to ten years, or both.

The maximum BSA-related civil penalties can vary significantly. For example, federal banking regulators have the authority to impose anti-money laundering penalties from $5000 per violation to $1,000,000, or 1% of the assets of a financial institution, whichever is greater, for every day that the violation occurs. These anti-money laundering penalties are primarily assessed for AML compliance program deficiencies, failures to file SARs, or in combination with other BSA violations.

2. Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act

Jurisdiction: United States

The USA PATRIOT Act was enacted in response to the attacks of September 11, 2001, and became a law in less than two months after those attacks. The PATRIOT Act is intended to deter and punish terrorist acts in the United States (and around the world) and to enhance law enforcement investigatory tools and powers.

In an effort to clamp down on terrorist funding, this act also introduced measures to target financial crime associated with money laundering and terrorism financing, requiring all banks and financial institutions in the United States to understand their AML compliance obligations pursuant to the USA Patriot Act.

Accordingly, U.S. financial institutions must build their AML compliance program following the requirements given under the USA PATRIOT Act. To adhere to this, FIs must:

  • Establish AML policies, procedures, and internal controls
  • Appoint an AML compliance officer
  • Establish ongoing AML training for employees
  • Perform independent audits of the AML program

The USA PATRIOT Act also impacted existing laws and regulations, specifically, the Money Laundering Control Act of 1986 and the Bank Secrecy Act (BSA) of 1970. FIs that violate or breach the USA PATRIOT Act face fines of either $1 million or double the value of the transaction (whichever is greater).

3. Office of Foreign Assets Control (OFAC)

Jurisdiction: United States

The Office of Foreign Asset Control (OFAC) is the financial intelligence and enforcement agency of the U.S. Treasury Department. It is responsible for administering and enforcing U.S. sanctions. All financial institutions within the U.S. must abide by the OFAC sanctions and relevant regulations.

OFAC considers violations or breaches of the AML sanctions regulations to be a critical threat to national security and foreign relations, and any party in breach of the OFAC sanctions can face serious legal consequences and enforcement actions (unless a proper exemption license is obtained from the U.S. Treasury). AML penalties and fines can reach $20 million, depending on the type of offense, and imprisonment can be as long as 30 years.

Starting in 2020, those in violation of the Trading with the Enemy Act will be subject to anti-money laundering fines of around $90,000 per violation. Those violating the International Emergency Economic Powers Acts may be punished with $308,000. Accordingly, violating the Foreign Narcotics Kingpin Designation Act costs approximately $1.5 million per violation. Depending on the crime and previous convictions, punishments can be severe.

4. EU Anti-Money Laundering Directives (AMLDs)

Jurisdiction: European Union

Since 2015, the EU has adopted an advanced regulatory framework for combating money laundering. Since then, they’ve employed a series of Anti-Money Laundering Directives (AMLDs), which establish regulatory requirements that EU member states must follow. While each member state is responsible for implementing the policies into their legal system in their own way, they are required to meet the minimum standards the EU AMLDs establish.

As of today, six further directives have been issued, and the latest sixth directive (also referred to as 6AMLD) was implemented in June 2021. The 6AMLD aims to empower financial institutions and authorities to do more in the fight against money laundering and terrorism financing by strengthening AML criminal penalties across the bloc, clarifying certain regulatory details, and expanding the scope of existing legislation.

6AMLD extended criminal liability to legal persons and introduced a list of the 22 predicate offenses that constitute money laundering, including environmental crime and cyber crime money laundering, requiring financial institutions to establish safe KYC procedures to identify them.

In addition, the minimum penalty for crimes related to money laundering increased from one to four years in prison. Simultaneously, economic sanctions increased to 5 million euros (and their equivalents in other currencies). The 6th EU AMLD also encouraged authorities to impose stringent AML sanctions.

Financial institutions should develop an understanding of the extended scope that 6AMLD has brought, including new predicate offenses that must be monitored to avoid AML penalties.

5. Proceeds of Crime Act

Jurisdiction: United Kingdom

Money laundering offenses are defined by the Proceeds of Crime Act (POCA), the primary AML regulation in the UK implemented in 2002. Money laundering activities include facilitating money laundering, as well as acquiring and distributing criminal proceeds.

POCA stipulates that all banks and financial institutions shall put in place appropriate anti-money laundering controls to detect money laundering activities. These controls must include measures to ensure that customer due diligence is performed, transactions are monitored, and suspicious activity is reported to the appropriate authorities.

6. The Terrorism Act

Jurisdiction: United Kingdom

POCA is primarily focused on money laundering violations, while the Terrorism Act is primarily concerned with counter-financing terrorism as it pertains to banks and financial institutions. There are also due diligence obligations imposed on the company, as well as monitoring and reporting transactions. 

Originally introduced in 2000, the Terrorism Act has since been amended by the Anti-Terrorism, Crime and Security Act 2001, the Terrorism Act 2006, as well as the Proceeds of Crime Act 2002 (Amendment) Regulations 2007.

7. UK AML Regulations 2017

Jurisdiction: United Kingdom

After POCA and the Terrorism Act, the next vital legislation that prevents money laundering and terrorist financing is the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

There has been a transposition of the obligations from the EU's 5th AMLD through the MLR 2017, which tightens controls in the private sector as well as increases the requirement for firms to implement a written assessment of their AML/CFT risks.

8. Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)

Jurisdiction: Canada

Canada's AML/CFT legislation is set out in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). This act was established to combat the laundering of illegal proceeds and the financing of terrorist activities.

A sound and comprehensive compliance program that complies with the PCMLTFA and other relevant regulations is essential to ensure you are able to comply with the requirements of the country in terms of recordkeeping, reporting, customer identification, and KYC as outlined in the legislation. As a reporting entity, you are subject to the PCMLTA. 

The types of entities included here include financial institutions, credit unions, banks, life insurance companies, loan companies, securities dealers, foreign exchange dealers, money services businesses, casinos, real estate companies, and real estate brokers and developers.

8 Notable Examples of AML Fines and Penalties

The act of laundering money is often connected to a number of other common financial crimes, such as tax evasion, asset inflation, drug trafficking, and others. The increasingly complex global financial networks will also be exploited by criminals.

The local government, federal government, and international organizations are capable of monitoring and prosecuting money laundering schemes, depending on the activities' size, scope, and location.

There are plenty of cases where money laundering schemes persist for years before anyone is prosecuted. However, many money launderers do ultimately get caught.

Typically, FIs are fined or penalized for AML failings based on inadequacies in their AML framework, governance, and policies. If AML requirements are not followed, penalties can be severe and prison time may be imposed. Businesses all over the world suffer reputational damage and harsh penalties as a result of insufficient AML compliance each year.

There are a number of reasons why regulatory bodies punish banks, Fintechs, and other FIs, but here are a few of the main ones:

  • An inadequate culture of compliance, values, norms, and ethics
  • Suspicious activity reporting failures
  • KYC, PEP, and CDD risks are not sufficiently assessed
  • AML control vulnerabilities
  • Inadequate gathering of transaction information

To illustrate the true consequences of AML failings, we cover real-life examples of AML fines and penalties that have been issued below.

1. Capital One

The Financial Crimes Enforcement Network (FinCEN) penalized Capital One to the tune of $390 million for deliberate and careless violations of the Bank Secrecy Act in relation to Check Cashing Group. Capital One admitted that between 2008 and 2014 they willfully failed to file thousands of SARs on time (more than 20,000 transactions totaling more than $160 million) and they negligently failed to file thousands of CTRs (more than 50,000 transactions totaling more than $16 billion).

Any designated person who knows, suspects, or has grounds to suspect a client of money laundering or terrorist financing is required to make suspicious transactions reports (STRs). Filings also need to be done within the allotted time frame to ensure no penalties follow. Organizations using Unit21's transaction monitoring solution can monitor customer transactions and use case management to file regulatory reports efficiently.

2. Deutsche Bank

The German-based Deutsche Bank, which provides financial services worldwide, was fined $130 million by the SEC for violating the Foreign Corrupt Practices Act and a commodities fraud scheme. During the investigation, the US Securities and Exchange Commission (SEC) discovered that millions of dollars had been funneled through Deutsche Bank through crimes of bribery and fraud.

Whenever an employee or associated person becomes aware of irregularities that may be considered bribery or money laundering, they must report this to the senior compliance manager. As a result, bad publicity and high penalties can be avoided.

3. BitMEX

After falling short of anti-money laundering (AML) standards and engaging in cryptocurrency trading without regulatory authorization, BitMEX agreed to pay $100 million in fines as part of a settlement agreement with the Financial Crimes Enforcement Network (FinCEN) and the Commodity Futures Trading Commission (CFTC).

If a company facilitates transactions in the cryptocurrency market, it is imperative that the company registers itself with FinCEN for the purpose of obtaining a license to facilitate the transaction, just like any other market intermediary, and to implement a strong anti-money laundering compliance program.


According to the British Financial Conduct Authority (FCA), HSBC was fined $85 million (£64 million) as a result of several failures in the bank's transaction monitoring systems, which were the backbone of the bank's AML processes from March 2010 to March 2018.

There are severe consequences for failing to comply with SAR regulations. These penalties include civil and criminal penalties, such as fines and regulatory restrictions, as well as the loss of a bank's charter as a result. When you fail to file a SAR after discovering information about money laundering based on a disclosure under these circumstances you may commit an offense under:

  • Section 330 POCA – if you're in a regulated industry
  • Sections 337 or 338 POCA – for non-regulated industry

These are known as 'failure to disclose' offenses, and essentially amount to the neglect of a company's AML obligations.

5. NatWest case

In accordance with the AML laws of the United Kingdom, state-backed NatWest, formerly the Royal Bank of Scotland, is the first British bank to be fined by the Financial Conduct Authority (FCA) for failing to prevent money laundering under the guidelines of the AML laws. As a result of the bank's failure to detect and prevent an act of money laundering amounting to £365 million committed by a customer of the bank, it was fined a total of £265 million.

There must be strong controls in place within financial organizations to ensure that transactions are monitored and screened for transactions that are suspicious and handled appropriately. These failures can sometimes lead to money laundering breaches when combined with serious system failures, such as treating cash deposits as checks. Your organization can save a lot of trouble by implementing Unit21's integrated transaction monitoring and fraud detection solution.

6. N26

During 2019 and 2020, N26 was penalized $5 million for failing to file a high number of suspicious transaction reports. N26 had already been cautioned by BaFin and assigned a special commissioner to oversee compliance with KYC and AML rules.

Whenever a reporting entity suspects or has reasonable grounds to suspect that funds are related to criminal activity or are the proceeds of terrorist financing, the Financial Intelligence Unit (FIU) must be notified promptly; as soon as possible but not later than 3 days after the suspicion is raised.

Reporting entities must possess systems for ensuring that reports are made on a timely basis to comply with legal requirements. There are circumstances in which legal requirements or regulatory requirements mandate reporting suspicious activity once a suspicion has been formed. 

That is, once a suspicion has been formed, a report must be filed, and therefore a risk-based approach to reporting suspicious activity under these circumstances would not be applicable.

7. USAA Federal Savings Bank

The Financial Crimes Enforcement Network (FinCEN) conducted a civil enforcement investigation and imposed a Civil Money Penalty of $140 million against USAA Federal Savings Bank (USAA FSB) in March 2022. The BSA determined that regulations were violated with willful intent.

From at least January 2016 through April 2021, USAA FSB willfully failed to implement and maintain an anti-money laundering (AML) program that met the minimum BSA requirements.  

Aside from this, USAA FSB conceded that it willfully failed to report thousands of suspicious transactions involving its customers' financial activity to FinCEN promptly and accurately, including customers using personal accounts for apparent criminal activity.

8. MidFirst Bank

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a Finding of Violation (FOV) to MidFirst Bank (MidFirst) on July 21, 2022, for violations of the Weapons of Mass Destruction Proliferators Sanctions Regulations (WMDPSR). 

MidFirst violated OFAC regulations by maintaining accounts for and processing 34 payments on behalf of two individuals on the Specially Designated Nationals and Blocked Persons list (the "SDN List"). 

MidFirst misunderstood the vendor's frequency of screening new names added to the SDN List against its existing customer base, resulting in violations. Rather than a civil monetary penalty, OFAC determined that a FOV was the appropriate administrative action. 

The FOV emphasizes the importance of ensuring financial institutions take a risk-based approach to sanctions compliance, including when implementing sanctions screening tools, as well as the importance of ensuring that outsourced sanctions compliance services are compatible with the institution's assessment of sanctions risks.

Best Practices for Avoiding AML Fines and Penalties

Regardless of whether an organization has any material knowledge of money laundering or money laundering-related activity, the federal government expects financial institutions to conduct a basic level of due diligence. Failure to meet these standards can result in significant AML fines or even harsher penalties in some cases.

Here are a few tips for improving your compliance program:

Risk-Based Approach to Sanctions Compliance

To develop sanctions compliance programs that comply with OFAC regulations, financial institutions need to be proactive and take a risk-based approach. Regarding sanctions screening, there is no one-size-fits-all solution.

The risk profile of each financial institution may affect the risk tolerance and approach to sanctions compliance. A financial institution's assessment of its sanctions risk should determine how frequently it screens and reviews existing customers and accounts. A risk-based approach to sanctions compliance is a key component of this.

Risk Assessment and Reviews of Systems and Processes

Financial institutions should assess the risks and benefits of the systems and tools in place and should ensure that adequate controls and reviews are in place over the existing systems. This is extremely important, as the ultimate responsibility for compliance with the AML regulations lies on management, whether the systems and tools are developed internally or outsourced.

Investing in Staff Training

Financial institutions should ensure that their employees possess the appropriate qualifications, knowledge, awareness, and understanding of anti-money laundering laws, regulations, and applicable financial sanctions. 

This is especially true of the compliance officer involved in developing and implementing compliance systems, processes, and controls. Investing in capacity building and training of employees is key, as FIs are still susceptible to fines and penalties for non-compliance, whether intentional or negligent.

AML compliance has become more challenging over time as regulations have become more stringent. Financial institutions have faced harsh fines where compliance programs have been deficient.

Criminals are constantly finding new methods and schemes to get away with money laundering, forcing AML regulations to evolve regularly to keep up. Financial institutions will need to make significant investments in reviewing and improving their AML compliance program, ensuring they adapt to tackle the newest AML trends facing their business.

Given the legal significance of the anti-money laundering requirements, it’s essential for financial institutions to establish a compliance program, understand the requirements they have to adhere to, and establish adequate training to avoid fines and penalties related to anti-money laundering policies.

Download Operating System Product Guide

The Key to Avoiding Penalties is AML Software

The fines, penalties, and sanctions associated with anti-money laundering can be catastrophic to your financial institution's ability to conduct business if you are in breach of any of them. To ensure your compliance program actually adheres to AML regulations, it is imperative to integrate a solution like Unit21 into your compliance tech stack.

If you’re ready to learn how to integrate tools into your AML compliance process, read our next chapter—8 Types of AML Software & Solutions + Top Features to Look For—which covers the differences between the many types of AML software out there, and explains how to choose the right ones based on your specific needs.

If you want more detail on what your software needs to be able to identify and protect you from, go back to our detailed rundown of all AML regulations around the world and how to deal with them.

Subscribe to our Blog!

Please fill out the form below:

Related Articles

Getting started is easy

See first-hand how Unit21
can help bolster your risk & compliance operations