When FCA Director of Enforcement and Market Oversight Mark Steward spoke in London last month, his comments could hardly have been more timely. Hot on the heels of his remarks on dual-track (civil and criminal) AML investigations came a significant fine arising out of a firm’s AML systems and controls. It also came as the countdown to entry into force of the fifth AML directive continues; and his observations on escalation protocols highlight the continuing importance of the senior managers’ and certification regime (SMCR).
Dual-track investigations
Mark Steward’s speech, set out how the FCA intends to shift its investigative approach in order to give full effect to the Money Laundering Regulations. The FCA is now conducting dual-track investigations into suspected AML systems and compliance issues.
Dual-track investigations are those which might result in civil or criminal proceedings if shortcomings are identified. This suggests a harsher approach from the FCA on money laundering issues where warranted, with the potential for criminal liability for any serious failings. The issues relate both to the need to conduct assessments of money laundering, terrorist financing and sanctions risk to which a firm might be exposed, as well as the need to establish, maintain and update systems and controls addressing that assessment.
Mark Steward emphasised the FCA’s “investigative mindset” when conducting dual-track investigations. It is clear there is no wish for the FCA to tie its hands at the outset of an investigation by narrowing the potential outcomes that might result. This approach makes sense. It is easy to imagine a scenario where breaches might on investigation not be provable to a criminal standard but would justify a civil penalty or regulatory action. The dual-track process allows the outcome to be determined once there has been an opportunity to assess the evidence. This dual-track process is already common where market abuse investigations are carried out.
Mr Steward made clear that the FCA is not intending for every case to be taken forward in this way, or that criminal proceedings will always follow a finding against a firm. Criminal prosecutions still “will be exceptional”. However, the use of the dual-track process can be expected to enable criminal action to be taken where there is strong evidence, egregious failings or findings of actual money laundering.
AML investigations in action
Following Mr Steward’s speech came news that the FCA have fined Standard Chartered Bank for AML failings. The fine of over £100 million after 30% (stage 1) discount is the second largest financial penalty for AML controls ever imposed by the regulator.
The FCA found that Standard Chartered’s UK correspondent banking business (between November 2010 and July 2013) and UAE branches (between November 2009 and December 2014) failed to maintain sufficient customer due diligence and ongoing monitoring policies, including, in respect of the UAE branches, failing to require its non-EEA branches to apply UK-equivalent AML standards. The bulk of the fine (85%) relates to failings identified relating to Standard Chartered’s UAE branches.
The FCA’s fine was for breaches of the Money Laundering Regulations 2007, which require firms to carry out adequate customer due diligence and enhanced due diligence, as well as ongoing monitoring; and to establish and maintain appropriate AML policies and procedures commensurate with the risks faced by the business. This includes a requirement for UK institutions to ensure non-EEA branches apply equivalent standards to those applicable under the Regulations.
The FCA found examples where Standard Chartered had failed adequately to establish source of funds, failed to implement policies which mitigated the risks of transacting with sanctioned entities, and had shortcomings in its internal AML controls and the way these issues were escalated, resulting in delays in identifying issues and taking remedial action.
In setting the level of its fine, the FCA considered that:
- Weaknesses had already been highlighted to Standard Chartered by the (then) FSA in separate thematic reviews.
- Actions had been taken by US authorities against Standard Chartered in the relevant period;
- The FCA had previously published guidance, and guidance was published during the relevant period, including final notices issued against other firms for similar issues.
- Standard Chartered had significantly increased the resources dedicated to financial crime risks, including the setting up of a compliance academy.
- Standard Chartered has also been working on a global financial crime risk mitigation programme, including a remediation project.
- Standard Chartered had formed an association of financial institutions in the US to improve how suspected financial crime is identified and reported.
- Standard Chartered had co-operated during the investigation.
The FCA also found shortcomings in the escalation process for money laundering risks.
Escalation
The subject of escalation was also part of Mark Steward’s speech. The UBS and Goldman Sachs fines for transaction reporting failings (discussed in our blog posts here and here respectively) relate to a 9 year period (in the case of UBS) and a 10 year period (for Goldman Sachs). The FCA takes the view that these problems should never have been allowed to persist for so long. A similar finding was made in relation to Standard Chartered Bank.
Mark Steward stressed the need for strong escalation protocols to ensure that, where a problem is identified, the senior management know about it and do something to bring it to an end. He queried whether inadequate escalation was consistent with the obligation on senior managers to take reasonable steps to prevent a breach. Whilst the findings against UBS and Goldman Sachs are for actions pre-dating SMCR, “these cases signal that in any assessment of ‘reasonable steps’, escalation and senior management sight lines over problems that are not being solved effectively will be an issue.”
Mark Steward’s speech also dealt with the partly contested process for disciplinary action and accountability for foreseeable harm. You can see our separate blog post on the first of those topics here.
What can be taken from the FCA’s comments?
Whilst AML systems and controls have had regulator focus since their inception, the suggestion that it is time “that we gave effect to the full intention of the Money-Laundering Regulations” suggests that the focus on AML compliance is not going away. The increased risk of criminal findings through the dual-track process should be a stark warning to ensure policies and procedures in place are sufficient to manage firms’ money laundering, terrorist financing and sanctions risks, that they are being followed in practice, and that robust escalation processes are in place. As Mark Steward made clear, the FCA will bring criminal prosecutions where failings are egregious as well as where the FCA sees “what looks like actual money-laundering”. Firms putting their hands in their pockets after the FCA finds a serious problem is simply not enough.
The focus on escalation protocols demonstrates the importance of the SMCR and ensuring that, where issues are identified or mistakes made, they are quickly rectified. Had the UBS and Goldman Sachs issues post-dated SMCR it seems likely sanctions against individuals would have been sought.
With the size of some of the FCA’s recent fines (including £27.6m, £34.3m and £102.2m in the past months alone), and the introduction of the fifth AML directive on the horizon, now is a good moment to take stock. Investing to make sure necessary policies and procedures are in place, and are being followed, together with the necessary escalation, ought to be a priority to mitigate the risk of large fines, sanctions against senior managers, and even criminal prosecution.