Largest Penalties Paid by Banks for Sanctions and AML Failures: Cases and Reasons

Source:

Data is sourced from regulatory bodies (e.g., U.S. Department of Justice, Financial Crimes Enforcement Network, Office of Foreign Assets Control, UK Financial Conduct Authority) and credible publications like Financial Crime News (2025) and Sanction Scanner (2025). Specific cases are cross-referenced with official press releases.

Content:

Anti-money laundering (AML) and sanctions regulations are critical to maintaining the integrity of the global financial system, preventing illicit funds from supporting crimes like drug trafficking, terrorism, and sanctions evasion. Violations of these regulations, often due to inadequate compliance programs or willful negligence, have led to substantial penalties for banks. Below, we outline the largest penalties paid by banks for AML and sanctions failures, their reasons, and the timelines, ensuring factual accuracy to address the sensitivity of reputational issues. All figures are in U.S. dollars unless stated otherwise, and cases are limited to banks (excluding non-bank entities like cryptocurrency exchanges).

Largest Penalties Paid by Banks for AML and Sanctions Violations

1. TD Bank (2024) – $3.09 Billion

   • Timeline: October 10, 2024

   • Reason: TD Bank, a major U.S. subsidiary of Canada’s Toronto-Dominion Bank, pleaded guilty to violations of the Bank Secrecy Act (BSA) and conspiracy to commit money laundering. The bank failed to maintain an effective AML program, neglecting to monitor $18.3 trillion in transactions between 2014 and 2024. This allowed over $670 million in illicit funds, including proceeds from Chinese organized crime and Mexican drug cartels, to flow through its accounts. Specific failures included inadequate customer due diligence (CDD), failure to file suspicious activity reports (SARs), and weak transaction monitoring systems. The penalty included $1.8 billion from the U.S. Department of Justice (DOJ), $1.3 billion from the Financial Crimes Enforcement Network (FinCEN), and additional fines from the Office of the Comptroller of the Currency (OCC) and the Federal Reserve. This is the largest BSA penalty in U.S. history.

   • Source: DOJ Press Release, October 10, 2024; FinCEN Consent Order, October 10, 2024; Financial Crime News, February 21, 2025

   • Impact: TD Bank faced a cap on U.S. retail banking growth and significant reputational damage, with shares dropping 5% post-announcement.

2. HSBC (2012) – $1.9 Billion

   • Timeline: December 11, 2012

   • Reason: HSBC Holdings settled with U.S. authorities for violations of the BSA, Trading with the Enemy Act (TWEA), and International Emergency Economic Powers Act (IEEPA). The bank facilitated money laundering for Mexican and Colombian drug cartels, processing $881 million in illicit funds through its U.S. operations between 2006 and 2010. HSBC also bypassed sanctions by processing transactions for clients in Iran, Cuba, Sudan, Libya, and Burma, using “stripping” techniques to hide sanctioned entities’ identities. Failures included inadequate KYC/CDD, weak transaction monitoring, and deliberate non-compliance with U.S. sanctions. The penalty was paid to the DOJ, FinCEN, and the Office of Foreign Assets Control (OFAC).

   • Source: DOJ Press Release, December 11, 2012; Sanction Scanner, May 16, 2025

   • Impact: HSBC entered a deferred prosecution agreement (DPA), overhauled its AML program, and faced global scrutiny, though no individuals were prosecuted.

3. Standard Chartered (2019) – $1.1 Billion

   • Timeline: April 9, 2019

   • Reason: Standard Chartered settled with U.S. and UK authorities for sanctions violations and AML failures. Between 2009 and 2014, the bank processed $437 million in transactions involving sanctioned countries like Iran, Syria, Sudan, and Cuba, despite prior warnings from regulators. The bank’s internal controls failed to detect these transactions due to inadequate sanctions screening and KYC processes. Additionally, AML lapses in its UAE and UK operations allowed high-risk clients to move funds unchecked. Penalties were paid to the DOJ, OFAC, New York State Department of Financial Services (NYDFS), and the UK Financial Conduct Authority (FCA). This followed a $670 million fine in 2012 for similar Iran-related sanctions violations.

   • Source: DOJ Press Release, April 9, 2019; FCA Press Release, April 9, 2019; Sanction Scanner, May 16, 2025

   • Impact: The bank extended its DPA, invested $1.7 billion in compliance upgrades, and faced reputational damage as a repeat offender.

4. Danske Bank (2022) – $2 Billion

   • Timeline: December 13, 2022

   • Reason: Danske Bank pleaded guilty to fraud-related charges for a massive money laundering scheme through its Estonian branch from 2007 to 2015. The bank processed €200 billion ($210 billion) in suspicious transactions, primarily from Russian and former Soviet clients, accessing U.S. financial systems without adequate AML controls. Failures included deficient KYC/CDD, lack of transaction monitoring, and ignoring internal whistleblower warnings. The bank misled U.S. correspondent banks about its AML program’s effectiveness. Penalties were paid to the DOJ, Securities and Exchange Commission (SEC), and Danish authorities, with $413 million from FinCEN.

   • Source: DOJ Press Release, December 13, 2022; FinCEN Consent Order, December 13, 2022; Financial Crime News, February 21, 2025

   • Impact: Danske Bank closed its Estonian operations, faced a €228 billion European Commission lawsuit, and saw its CEO resign.

5. Deutsche Bank (2017) – $630 Million

   • Timeline: January 30, 2017

   • Reason: Deutsche Bank was fined by U.S. and UK regulators for laundering $10 billion in illicit Russian funds through its “mirror trading” scheme between 2011 and 2015. The bank facilitated transactions moving funds out of Russia via its Moscow, London, and New York branches, bypassing AML controls. Failures included inadequate KYC/CDD, weak transaction monitoring, and failure to file SARs. The bank also faced $216.1 million in NYDFS fines in 2020 for AML lapses tied to Danske Bank’s Estonian branch and FBME Bank, plus a $186 million Federal Reserve fine in 2023 for unaddressed AML weaknesses. Penalties were paid to the DOJ, FCA, and NYDFS.

   • Source: DOJ Press Release, January 30, 2017; NYDFS Press Release, July 23, 2020; Federal Reserve Press Release, July 19, 2023

   • Impact: Deutsche Bank enhanced its AML team to over 2,000 employees, but its reputation suffered from repeated violations.

6. Wachovia (2010) – $160 Million

   • Timeline: March 17, 2010

   • Reason: Wachovia (now part of Wells Fargo) settled with the DOJ for BSA violations, allowing $110 million in drug trafficking proceeds to be laundered through its correspondent banking services between 2004 and 2007. The bank failed to monitor $378.4 billion in transactions with Mexican casas de cambio, neglecting KYC/CDD and SAR filing requirements. Weak transaction monitoring enabled cartels to move funds undetected. The penalty included a $50 million fine and $110 million in forfeiture to the DOJ.

   • Source: DOJ Press Release, March 17, 2010; Sanction Scanner, May 15, 2025

   • Impact: Wachovia implemented robust AML reforms, but the case set a precedent for larger fines, like HSBC’s in 2012.

7. ING Groep (2018) – $1.18 Billion

   • Timeline: September 4, 2018

   • Reason: Dutch bank ING Groep settled with Netherlands authorities for AML violations between 2010 and 2016. The bank’s weak CDD and transaction monitoring allowed hundreds of millions in illicit funds, including $150 million linked to Russian clients, to pass through its accounts. Failures included inadequate risk assessments, failure to report suspicious transactions, and systemic compliance deficiencies. The penalty was paid to the Dutch Public Prosecution Service, marking the largest AML fine in the Netherlands.

   • Source: Dutch Public Prosecution Service Press Release, September 4, 2018; Sanction Scanner, May 16, 2025

   • Impact: ING’s CEO resigned, and the bank invested €775 million in AML enhancements.

8. Santander UK (2023) – £107.7 Million ($137 Million)

   • Timeline: January 11, 2023

   • Reason: Santander UK was fined by the FCA for repeated AML control failures between 2012 and 2017. The bank’s inadequate transaction monitoring and KYC/CDD systems allowed £300 million in suspicious transactions to go unreported, including funds linked to high-risk jurisdictions. Despite prior FCA warnings, Santander failed to remediate issues, exposing the UK financial system to money laundering risks.

   • Source: FCA Press Release, January 11, 2023; Financial Crime News, February 21, 2025

   • Impact: Santander invested £500 million in compliance upgrades, but its UK reputation was tarnished.

Key Reasons for Penalties:

• AML Failures:

  • Inadequate KYC/CDD: Banks failed to verify customer identities or assess risks, as seen in TD Bank’s $670 million laundering case and Danske Bank’s €200 billion scheme.

  • Weak Transaction Monitoring: Insufficient systems to detect suspicious activities, as in HSBC’s $881 million cartel funds and ING’s $150 million Russian flows.

  • Failure to File SARs: Banks neglected to report suspicious transactions, as with Deutsche Bank’s $10 billion mirror trades and Santander’s £300 million unreported funds.

  • Non-Remediation: Repeated violations despite warnings, as in Standard Chartered’s 2019 fine and Deutsche Bank’s 2023 penalty.

• Sanctions Violations:

  • Processing Prohibited Transactions: Banks handled funds for sanctioned countries (e.g., Iran, Cuba) or entities, as in HSBC’s and Standard Chartered’s cases.

  • Bypassing Sanctions: Techniques like “stripping” to hide sanctioned parties’ identities, as HSBC did for Iranian clients.

  • Inadequate Screening: Failure to check against sanctions lists, as in Standard Chartered’s $437 million sanctioned transactions.

Global Trends and Impact:

• Penalty Scale: AML and sanctions fines on banks totaled $45.679 billion from 2000 to 2024, with $28 billion in AML fines and $18 billion in sanctions fines. 2024 saw $3.3 billion in AML fines, driven by TD Bank’s record penalty.

• Regulatory Focus: U.S. regulators (DOJ, FinCEN, OFAC, NYDFS) lead enforcement, with the EU, UK, and Netherlands increasing scrutiny. The BSA, USA PATRIOT Act, and EU’s 6th AML Directive (6AMLD) underpin penalties.

• Reputational Damage: Fines erode trust, as seen in HSBC’s global scrutiny and Danske Bank’s Estonian closure. Share prices often drop (e.g., TD Bank’s 5% decline).

• Compliance Costs: Banks invested billions post-fines (e.g., Deutsche Bank’s 2,000-employee AML team, ING’s €775 million upgrades).

• Criminal Activity Enabled: Violations facilitated drug trafficking (TD Bank, HSBC), Russian laundering (Danske Bank, Deutsche Bank), and sanctions evasion (Standard Chartered), threatening financial system integrity.

Lessons for Banks:

• Implement robust KYC/CDD and real-time transaction monitoring systems.

• Ensure timely SAR filings and sanctions list screening.

• Address regulatory warnings promptly to avoid repeat fines.

• Invest in compliance training and technology, like Sanction Scanner’s real-time tools.

Conclusion:

The largest bank penalties for AML and sanctions failures, from TD Bank’s $3.09 billion in 2024 to HSBC’s $1.9 billion in 2012, highlight systemic weaknesses in compliance programs. Failures in KYC/CDD, transaction monitoring, SAR reporting, and sanctions screening enabled billions in illicit funds to flow, prompting unprecedented fines and reputational harm. Banks must prioritize robust AML and sanctions compliance to avoid such penalties and protect the financial system.