Standard Chartered 2019: $1.1B Enforcement Action

What happened?

Standard Chartered's 2019 enforcement action was, in an important sense, a second chapter. The bank had settled with U.S. and New York authorities in 2012 for earlier Iranian sanctions violations, paying approximately $667 million, and had agreed to remediation under an independent monitor. By 2019, regulators had concluded that violations had continued even after that agreement.

The April 2019 resolution was announced on April 9. According to the DOJ press release, Standard Chartered admitted to illegally processing thousands of transactions through the U.S. financial system on behalf of Iranian clients, in violation of the International Emergency Economic Powers Act (IEEPA). The bank also admitted to violations involving other sanctioned jurisdictions, including Myanmar, Zimbabwe, Sudan, and Cuba, according to the public filings.

A central mechanism alleged in the proceedings was manipulation of wire transfer information. The consent order and related filings describe employees at certain branches removing or altering SWIFT payment message fields that would have identified Iranian counterparties, allowing transactions to clear through U.S. correspondent accounts without triggering OFAC screening. This practice is known as wire stripping.

Simultaneously, the UK Financial Conduct Authority conducted its own investigation and issued a final notice in April 2019. The FCA found that the bank's AML controls in its correspondent banking business were seriously deficient, particularly for high-risk jurisdictions including Uganda, Tanzania, and Bahrain, and in its UAE branches. The two investigations were conducted separately but settled simultaneously as part of a coordinated global resolution.

What did regulators say?

The DOJ's press release stated that Standard Chartered "admitted that it illegally processed thousands of transactions through the United States financial system on behalf of Iranian financial institutions and other Iranian entities." The deferred prosecution agreement required the bank to pay $592.6 million to the DOJ and characterised the conduct as wilful rather than the result of oversight failures.

OFAC's civil settlement agreement found that the bank had exported financial services to Iran in violation of the Iranian Transactions and Sanctions Regulations (ITSR). OFAC's settlement was coordinated with the DOJ action, with payments credited across the global resolution. The OFAC enforcement information is available on the Treasury's civil penalties and enforcement page.

The NYSDFS, which announced its $360 million consent order alongside the federal action, found that the bank had engaged in unsafe and unsound practices in its compliance function. NYSDFS noted that the bank's conduct represented a continuation of patterns identified in the 2012 settlement. The NYSDFS press release and consent order documentation detail the specific findings.

The UK FCA's final notice stated that Standard Chartered had failed to adequately manage money laundering risk in its correspondent banking relationships. The FCA found that the bank accepted high-risk customers without conducting adequate due diligence and, in some cases, allowed those relationships to persist without adequate monitoring for years. The FCA imposed a penalty of £102.2 million, among the largest AML fines the authority had issued at that time.

What controls failed?

The enforcement action reveals several distinct control failures operating simultaneously across geographies.

Sanctions screening bypass. According to the consent order, Standard Chartered's OFAC screening was circumvented where payment messages were manually altered before processing. Employees removed or modified SWIFT message fields that would have flagged Iranian counterparties, allowing transactions to pass through U.S. correspondent accounts undetected. The technology worked; people bypassed it.

Correspondent banking due diligence. The FCA found that the bank's controls over its correspondent banking portfolio were inadequate. Respondent banks in high-risk jurisdictions were onboarded and maintained without adequate assessment of their own AML programs or customer base risk profiles. FATF Recommendation 13 on correspondent banking is explicit: a correspondent bank must assess the adequacy of its respondent's AML controls before establishing a relationship and on an ongoing basis. Standard Chartered's documentation and review processes did not consistently meet that standard.

Customer due diligence. The FCA's review found that CDD files for high-risk customers were incomplete, out of date, or contained unresolved red flags. FATF Recommendation 10 on customer due diligence requires enhanced measures for higher-risk relationships. Regulators found the bank was not applying enhanced due diligence consistently even where the risk profile clearly called for it.

Governance and escalation. The FCA noted failures in escalation of compliance concerns through the governance structure. Issues identified at operational level were not consistently reaching senior management in a timely way, and remediation commitments were not systematically tracked to completion.

Recurrence after prior settlement. The most damaging finding is that the conduct post-dated the 2012 agreement. Regulators expected systematic reform to follow from that settlement. That violations recurred undermined the bank's credibility across every jurisdiction involved.

Which regulations were violated?

In the United States, the primary statute was the International Emergency Economic Powers Act (IEEPA), 50 U.S.C. § 1705, which prohibits U.S. persons and financial institutions from engaging in transactions with sanctioned countries and entities. The specific implementing rules engaged were the Iranian Transactions and Sanctions Regulations (ITSR), administered by OFAC. Violations of IEEPA carry both criminal and civil exposure; the DOJ pursued a criminal deferred prosecution agreement because regulators characterised the conduct as wilful.

The Bank Secrecy Act and its implementing regulations were also implicated. AML control failures that allow sanctioned-party transactions to flow undetected are, by definition, BSA compliance failures. The NYSDFS action under New York Banking Law ran parallel to these federal requirements.

The UK FCA acted under the Money Laundering Regulations 2007 (as then in force) and the Financial Services and Markets Act 2000. Those rules require firms to establish adequate systems and controls to prevent money laundering, and to conduct ongoing monitoring of customer relationships.

At the international standards level, the case illustrates failures against FATF Recommendation 1 on the risk-based approach. A genuinely risk-calibrated compliance program would have identified concentrated exposure to high-risk jurisdictions and triggered enhanced controls well before regulators arrived. It didn't. The FATF guidance on correspondent banking services sets out precisely the due diligence expectations the bank failed to meet across its respondent portfolio.

Which typologies were involved?

This case is primarily a sanctions evasion case with correspondent banking as the enabling channel.

Wire stripping. The core typology is deliberate alteration of payment messages to conceal the identity of sanctioned parties. In practice, this means removing or replacing originator or beneficiary information in SWIFT MT103 messages before the payment passes through a U.S. correspondent account. The payment clears; the Iranian counterparty is never visible to the correspondent's screening system. FinCEN has documented wire stripping in multiple advisories as a well-established evasion technique.

Correspondent banking as a conduit. International banks operating correspondent accounts for respondents in high-risk jurisdictions face a structural exposure: the respondent's customers are invisible to the correspondent's compliance team. The FCA's findings about Standard Chartered's high-risk respondents in East Africa and the Gulf reflect this directly. FATF Recommendation 13 requires correspondents to satisfy themselves that the respondent's own AML controls are adequate. Where that assessment is superficial or stale, the correspondent becomes the path of least resistance.

Volume as cover. Large international banks process millions of transactions daily. A wire with stripped Iranian identifiers is unlikely to stand out against that volume without specific detection controls targeted at message field anomalies. This is what makes wire stripping effective, and what makes automated pattern detection at the message-field level a practical necessity rather than a nice-to-have.

Aftermath and remediation

The April 2019 deferred prosecution agreement required Standard Chartered to pay $592.6 million to the DOJ. Under a DPA, criminal charges are held in abeyance; if the bank complies with the agreement's conditions during the specified period, the charges are dismissed. Breach during that period would expose the bank to criminal prosecution.

A condition of the DPA was continuation of independent monitoring. Standard Chartered had already been operating under a monitor following the 2012 settlement. The 2019 agreement extended that arrangement, with the monitor tasked with assessing the bank's compliance with U.S. sanctions law and reporting to the DOJ.

NYSDFS, in addition to the $360 million penalty, required ongoing compliance improvements under the department's continuing supervision. NYSDFS had previously restricted certain dollar-clearing activities as part of its 2012 action, and the 2019 settlement renewed scrutiny of the bank's New York operations.

The FCA's £102.2 million fine was accompanied by a requirement to complete remediation of the AML control weaknesses identified in the correspondent banking business. The FCA's final notice noted that the bank had cooperated with the investigation and had begun remediation work before the notice was issued; those were mitigating factors in the penalty calculation.

The reputational and market impact was material. Standard Chartered's share price fell following the April 9 announcement. Investors and analysts focused on the recurrence of violations after the 2012 settlement as a governance concern, and on the size and duration of the monitorship as an indicator of regulatory scepticism about the bank's culture of compliance.

Lessons for other institutions

The Standard Chartered case is instructive precisely because it's a repeat. The bank had paid hundreds of millions in 2012, operated under a monitor, and returned to enforcement action seven years later. That sequence is the most important single fact in the case: a settlement alone doesn't fix a culture.

Wire stripping demands procedural controls, not just technology. Automated sanctions screening won't catch transactions where identifying information has been manually stripped before screening runs. Banks need controls that detect anomalies in payment message fields, flag manual alterations to SWIFT messages, and restrict staff access to message modification tools. Technology and procedure must work together.

Correspondent banking portfolios require current, documented risk assessments. Every respondent relationship should have a signed-off risk assessment capturing the respondent's own AML program quality, their customer base, and the nature of flows they're sending through the correspondent account. FATF Recommendation 11 on record keeping requires that documentation support both AML decisions and regulatory review. Undocumented judgments don't survive enforcement scrutiny.

Test your escalation paths. If compliance issues are identified but not reaching senior management, the governance structure is failing regardless of how good the written policies look. Run periodic tests to verify that identified issues are actually escalating and that management is actually responding.

DPA obligations are a floor, not a ceiling. Meeting the minimum terms of a deferred prosecution agreement doesn't rebuild trust with regulators. Institutions that have been through prior enforcement need to demonstrate genuine embedded change, not box-ticking. Regulators come back. When they do, they're looking for evidence that the prior settlement actually changed something.

Consider also whether SAR filing obligations were met across the sanctioned-party transaction patterns at issue. Where transactions are clearing despite red flags, secondary liability for inadequate suspicious transaction reporting sits alongside the primary sanctions exposure.

How FluxForce helps prevent similar failures

The control failures in this case follow a recognisable pattern: manual payment processes create bypass opportunities that automated screening misses, correspondent portfolios grow without current risk documentation, and escalation breaks down silently.

FluxForce monitors transaction data in real time, flagging anomalies in payment message fields that may indicate manual alteration before processing. Nova Sentinel builds behavioral baselines for each correspondent relationship, surfacing unusual transaction patterns as they emerge. Aiden Flux generates audit-ready evidence trails for every compliance decision, so when a regulator asks what due diligence was conducted on a respondent bank, the answer is documented, timestamped, and retrievable. Book a demo to see how it works in practice.