Goldman Sachs 2020: $2.9B Enforcement Action

What happened?

Between 2012 and 2013, Goldman Sachs arranged three bond offerings for 1Malaysia Development Berhad (1MDB), a Malaysian state investment fund, raising approximately $6.5 billion. According to the DOJ's October 2020 press release, Goldman earned approximately $600 million in fees from these transactions, well above market rates for comparable sovereign-linked debt work.

Rather than funding legitimate Malaysian economic development, approximately $4.5 billion of the bond proceeds was diverted. The DOJ alleged that Goldman bankers conspired with Malaysian financier Low Taek Jho (known as Jho Low) and officials at 1MDB and the Abu Dhabi sovereign wealth fund IPIC to route these funds through a network of shell companies across Malaysia, the UAE, Singapore, Luxembourg, and the United States.

A substantial portion of the diverted funds was used to bribe government officials in Malaysia and Abu Dhabi, the DOJ alleged, securing Goldman's underwriting mandates. Other funds financed real estate and artwork purchases in the US and, in part, the production of Hollywood films.

The scheme came to light through investigative journalism. The Wall Street Journal published its initial 1MDB reporting in 2015, and formal investigations followed in the US, Malaysia, Singapore, Switzerland, and elsewhere.

Two Goldman bankers faced criminal charges. Tim Leissner, former chairman of Goldman Sachs Southeast Asia, pleaded guilty in 2018 to FCPA and money laundering conspiracy charges. According to the DOJ's press release on Leissner's plea, he agreed to cooperate with US authorities. Roger Ng, a former Goldman managing director, was charged in November 2018. A federal jury convicted him in April 2022 on all three counts, including FCPA conspiracy and money laundering conspiracy.

What did regulators say?

The DOJ described the October 2020 resolution as one of the largest FCPA cases in history. The press release stated that Goldman Sachs's Malaysian subsidiary had entered a guilty plea to one count of conspiracy to violate the FCPA's anti-bribery provisions. Goldman Sachs Group Inc. entered a three-year deferred prosecution agreement, in which the firm acknowledged that former employees had engaged in the criminal conduct. The DOJ stated that Goldman had "failed to implement adequate internal controls" sufficient to detect or prevent the misconduct.

The UK's Financial Conduct Authority took separate action against Goldman Sachs International. According to the FCA's final notice, the regulator found Goldman had breached Principle 2 (acting with due skill, care and diligence) and Principle 3 (taking reasonable care to organize and control its affairs responsibly) under the FCA Principles for Business. The FCA's position was that Goldman's financial crime systems and controls were inadequate for a firm of its size and global reach.

The Federal Reserve Board issued its own consent order, finding that Goldman had engaged in unsafe and unsound practices in connection with the 1MDB transactions. The Fed's order required remediation across Goldman's compliance function and governance framework.

The SEC also participated in the coordinated resolution, with Goldman consenting to charges related to improper and undisclosed payments in connection with the 1MDB bond offerings.

What controls failed?

The 1MDB case exposed control failures that, individually, might be explained as isolated lapses. Taken together, they describe a compliance function structurally unable to confront a determined group of insiders operating under commercial pressure.

CDD on actual decision-makers, not just named counterparties. Jho Low had no official 1MDB title. He was not Goldman's formal client. Yet he was central to structuring and directing the transactions. FATF Recommendation 10 requires institutions to conduct due diligence on the economic reality of who controls and benefits from a transaction. Goldman's CDD focused on 1MDB as the institutional counterparty and failed to adequately investigate or escalate Low's role.

Beneficial ownership tracing through shell company layers. The diverted funds moved through BVI and Cayman Islands vehicles, obscuring ultimate controllers and recipients at each step. FATF Recommendation 24 requires institutions to trace ownership through corporate structures to the natural person level. Goldman's controls didn't penetrate those layers adequately.

PEP-linked transaction monitoring. Individuals connected at senior levels to a serving head of government were among those who benefited from the diverted proceeds. FATF Recommendation 12 requires enhanced due diligence on PEPs and their close associates. That scrutiny was absent.

Fee anomaly detection. Goldman earned roughly $600 million on deals totaling $6.5 billion. Standard institutional underwriting fees on comparable sovereign-linked transactions run well below 1% of proceeds. Goldman's returns were several multiples above that norm. An independent review of deal economics, triggered by fee-level outliers and conducted outside the deal team, should have been standard.

Escalation with teeth. Compliance concerns were raised at certain points during the 1MDB transactions, according to regulatory findings. The deals closed anyway. This points not to missing policies but to an escalation culture that couldn't override commercial momentum. When the record shows concerns were raised and ignored, regulators treat it as an aggravating factor, not a mitigating one.

Which regulations were violated?

The DOJ charges centered on the Foreign Corrupt Practices Act. Goldman Sachs Malaysia pleaded guilty to conspiracy to violate the FCPA's anti-bribery provisions, which prohibit US issuers and their employees from paying bribes to foreign government officials to obtain or retain business. The DPA with Goldman Group Inc. acknowledged failures in the FCPA's internal controls provisions, which require adequate accounting controls to detect and prevent such payments.

The FCA's action rested on its Principles for Business. This is a distinct legal basis: no criminal predicate is required. The FCA found that Goldman's financial crime risk management was structurally deficient, independent of any single employee's intent.

The Bank Secrecy Act framework underpins US financial institutions' AML obligations, and the SAR filing requirements it anchors are directly relevant. Transactions at this scale, with above-market fee structures, moving through a range of offshore entities, should have triggered suspicious activity review. The multi-regulator resolution reflects exactly that cross-cutting nature: the same failures engaged FCPA enforcement, AML compliance obligations, and prudential standards simultaneously.

Multiple jurisdictions tightened their AML legislation in the years following 1MDB, with Malaysia amending its Anti-Money Laundering Act and Singapore expanding its predicate offenses list. The case became a reference point for regulators worldwide when assessing financial institution risk controls in capital markets.

Which typologies were involved?

Bribery of foreign officials as a predicate offense. The core typology is corruption: government officials were bribed using a portion of funds raised from institutional bond investors. That bribery was a predicate offense. Its proceeds were then laundered through the layering structures described below.

Shell company layering across multiple jurisdictions. Diverted funds moved through a succession of offshore vehicles, each adding distance between the source and the ultimate recipient. The layering was designed to defeat compliance reviews that terminate at the first-level counterparty. Effective beneficial ownership tracing cuts through this structure rather than stopping at the first named entity.

PEP-linked enrichment through ostensibly commercial channels. A portion of diverted funds reached accounts and assets connected to politically exposed persons, including individuals at the senior levels of the Malaysian government and their family members. The funds entered the financial system through what appeared to be legitimate institutional bond transactions. This is the precise risk the FATF PEP standards are designed to address.

Fragmented cross-border fund flows. The money moved through institutions and jurisdictions that each saw only a fragment of the complete picture. FATF Recommendation 13 on correspondent banking requires enhanced scrutiny of these flows because no single institution has full visibility. The 1MDB scheme exploited that fragmentation across at least seven countries simultaneously.

Above-market fee extraction. Goldman's outsized fee income was itself a secondary channel through which value flowed from the diverted proceeds. When a bank's compensation on a transaction is multiples above the market norm, that's a typology indicator, not just an accounting line.

Aftermath and remediation

Goldman Sachs Group Inc. entered a three-year DPA with the DOJ in October 2020. Under the agreement, Goldman committed to cooperate with ongoing investigations, implement an enhanced compliance program, and meet continuing reporting requirements. Goldman Sachs Malaysia, uniquely for a major bank subsidiary of its standing, entered an unconditional guilty plea to FCPA charges.

The FCA required Goldman Sachs International to pay £96.6 million, one of the largest FCA financial crime-related penalties imposed on a bank at that time. The Federal Reserve's consent order required Goldman to remediate weaknesses in its international compliance infrastructure and governance.

Separately, in July 2020, Goldman reached a $3.9 billion civil settlement with the Malaysian government. Under that agreement, Goldman agreed to return recovered assets and guarantee asset recovery proceeds, resolving the Malaysian state's claims before the US criminal resolution.

Goldman publicly confirmed it had taken clawback actions affecting a number of current and former senior executives. CEO David Solomon acknowledged the firm's failures publicly and stated that the conduct was inconsistent with Goldman's values.

Tim Leissner remained cooperating with US authorities and awaited sentencing following the resolution. Roger Ng was convicted by a federal jury in April 2022 on all charges, including conspiracy to violate the FCPA and money laundering conspiracy, in a case the DOJ described as one of its most significant FCPA prosecutions. Jho Low remained a fugitive, with outstanding warrants across multiple jurisdictions.

Goldman's share price absorbed the headline fine. The firm had reserved substantially for the outcome. The deeper cost is harder to measure: intensified regulatory supervision, mandatory compliance overhauls, and a case that compliance professionals cite in training and board presentations to this day.

Lessons for other institutions

Flag fee anomalies before the deal closes. A fee-to-deal-size ratio well outside market norms is a primary risk indicator. Compliance and second-line risk functions should run independent economic reviews on large mandates, with authority to delay or escalate before execution. Catching the anomaly at transaction monitoring, after the money has moved, is too late.

Scope CDD to economic reality. FATF Recommendation 10 requires institutions to understand who actually controls and benefits from transactions, regardless of formal titles. Jho Low had no official role. He should still have been fully screened. Any individual who materially shapes or benefits from a transaction is within the CDD perimeter.

PEP programs must cover associates. FATF Recommendation 12 covers close associates and family members explicitly. A PEP program that screens only the named official will miss this pattern. Ongoing monitoring throughout the relationship, updated for changes in political exposure, is the requirement, not a one-time onboarding check.

Escalation needs structural support. When compliance concerns are raised and deals close anyway, the function hasn't worked. Institutions need documented escalation records, independent sign-off requirements at certain risk thresholds, and clear policy on what triggers a mandatory pause. Regulators look for this paper trail. Its absence is itself a finding.

Capital markets divisions need compliance investment proportional to their risk. Investment banking generates outsized revenues and outsized financial crime exposure. Resourcing compliance functions at levels appropriate for retail banking won't cover the risks. Since 2020, regulators have made this expectation explicit, and the 1MDB case is the reason.

A genuine risk-based approach covers every business line. FATF Recommendation 1 is not a checkbox. It requires a documented, substantive assessment of financial crime risk that reaches capital markets activities. We've seen institutions invest heavily in retail AML controls while leaving investment banking largely unsupervised. The 1MDB fine demonstrates what that gap costs.

How FluxForce helps prevent similar failures

FluxForce agents monitor transaction fee anomalies and cross-border fund flows in real time. Patterns outside peer norms are flagged before a deal closes. Nova Sentinel screens counterparties and beneficial ownership chains against PEP registries and adverse media on a continuous basis, beyond the initial onboarding review. Every flag generates a documented audit trail, so escalation decisions are on the record. For compliance teams that need to demonstrate to regulators that suspicious activity would have been caught, that evidence trail is the difference between a defensible position and a consent order. Request a demo to see how FluxForce maps to the control failures in cases like 1MDB.