It is true that banks will go a long way to try to satisfy banking regulators. But unless you have some evidence I am simply unwilling to believe that banking regulators can make up any restrictions they like without regard for the actual requirements of federal law.
But unless you have some evidence I am simply unwilling to believe that banking regulators can make up any restrictions they like without regard for the actual requirements of federal law.
The actual requirements of federal law are often (intentionally) formulated on such a high level that in practice, the banking regulator does end up specifying the actual rules.
Say, for example, a federal law requires that banks "take reasonable measures to impede money laundering".
Now what those "reasonable measures" are is usually determined by the overseeing regulator (eg: the SEC). Sure, you can disagree with their assessment, but they'll fine you anyway and then, the best-case scenario is that after X years in court, the fine gets overturned.
Not only is that true, it's usually not even the regulators that are making up the final actionable items. Businesses hire independent auditors who need to make sure their clients are well clear of what the regulators would be concerned with, and so push them to go even farther. And of course, once you have passed one audit, the next year's audit will be even more strict, even if the regulations themselves have not changed. The auditors do need to justify their own employment, after all.
Coming from a bank (but with limited interaction with regulators), regulators usually try to work within the law. However, I would like to remind you the law is all contradicting and has literally tens if not hundreds of thousands of various laws each one with its own implications.
Point being, regulators can justify just about anything. That is why all large banks have an army of lawyers. They then work with regulators to find some middle ground.
The law is very complicated, but it generally gives regulators that actual power. They can make demands to specific banks. They can even make demands to specific banking systems; like, a regulator can go to a bank and say "You need to make your AML system do Y instead of X."
And the bank has to do it or they end up like HSBC. In fact, that was exactly why HSBC was fined billions. Regulators told them to do specific things, like use Form X in Iran instead of Form Y, or classify Mexico with risk measure N+1 instead of N, and they didn't do them. This is all in the various public records.
It's considered a given that money laundering occurs at every big bank. It's impossible not to happen at an organization of that size.
This entire subthread is about how AML is enforced. Specifically, it's enforced by regulators doing whatever they feel they need to do. The punishment wasn't for money laundering, it's for money laundering in a manner that obedience, according to the regulators, would have caught.
For international banks, it's especially arbitrary because regulations are so loose overseas. In the UK it's very easy to move small amounts anonymously. This is routinely used for small-time laundering by organized crime and banks are fully aware of it. The long arm of US law goes after UK banks handling Mexican dirty money, but not UK banks handling UK dirty money. A lot of what constitutes "illegal money laundering" is actually political.
