“The quality of firms’ AML systems and controls remains high on our agenda. Our financial crime specialist supervisors continue to carry out extensive anti-money laundering work, including through our Systematic Anti-Money Laundering Programme and thematic reviews of particular financial crime risks and issues”. So says the Financial Conduct Authority (“FCA”) in its second anti-money laundering annual report. In fact, the regulator’s emphasis on the prevention of financial crime and anti-money laundering (“AML”) systems and controls has increased considerably over the past year to eighteen months, with two major enforcement actions for serious AML failings and ever-increasing fines. The role of the Money Laundering Reporting Officer (“MLRO”) has been in the spotlight too, with the FCA emphasising the importance of the position and conducting increasing numbers of interviews with individuals put forward by their firms as potential MLROs and action being taken directly against MLROs for compliance failings.
The FCA’s 2013/14 Anti-Money Laundering Annual Report (the “Report”) covers a lot of ground in its seventeen pages. It describes changes in its responsibilities, as it takes over responsibility for consumer credit firms from the Office of Fair Trading; policy developments in the past year, including the update to its Financial Crime Guide and developments at the European Union (“EU”) level; findings and outcomes from its specialist supervision work, including that done with banks and asset management and platform firms; and the FCA’s new strategy for the supervision of AML. It also discusses emerging risks and trends, such as those associated with mobile banking and virtual currencies; whistleblowing; and how the FCA cooperates with other agencies, both in the United Kingdom (“UK”) and overseas. However, its comments on the results of its supervisory work and its “new AML supervision strategy” seem to be the most telling indicators of things to come from this regulator.
The FCA comments on its Thematic Review of AML and Anti-Bribery and Corruption (“ABC”) systems and controls in asset management and platform firms (TR13/9; report published October 2013). That review had identified a number of issues and failings and the FCA found that “standards were not consistently high”, with further work still being necessary for most firms, despite the strong regulatory focus and the FCA’s multiple publications on the subject. The FCA was “especially concerned” where it found failings and inadequacies in firms which were part of large financial groups. In many cases, it found “significant weaknesses”.
Banks had their own supervisory focus to worry about: the Systematic AML Programme (“SAMLP”), comprising detailed AML assessments of fourteen major retail and investment banks operating in the UK. Each assessment takes several months and covers an in-depth review of all AML systems and controls in the bank, including detailed interviews of senior management and staff members. So far, the FCA has completed six such assessments, with a seventh (the first to cover ABC controls in addition to AML) well underway. The FCA is so pleased with the effectiveness of the SAMLP as a supervisory tool that it is now planning to extend it to some smaller banks. There is also a rumour that it may be considering extending it more widely in the industry, too. In the meantime, the FCA is working on a review of AML and sanctions controls in smaller banks. This is a follow up to its 2010/11 Thematic Review, “Banks’ Management of High Money Laundering Risk Situations”, which identified serious weaknesses in banks’ systems and controls and found that three-quarters of them were not managing their money laundering risks adequately, particularly in relation to the monitoring of the higher risks posed by Politically Exposed Persons (“PEPs”). The FCA now wishes to see whether firms have improved in the intervening period and whether they have taken on board the guidance it has issued. Findings from this review are promised in the Autumn.
In addition to this, the Report states that in the past year, the FCA’s specialist supervisors have considered around seventy requests for resources relating to AML systems and controls issues, of which, the FCA decided to allocate resources and to take action in relation to around two- thirds. Action taken included visiting firms and assessing their AML systems and controls and carrying out desk-based reviews of AML policies and procedures. The FCA says that it had also interviewed and vetted individuals that firms had put forward for the MLRO role.
The FCA says in the Report that the findings from its review work - whether pursuant to the SAMLP assessments, thematic work, or general case work - have been “disappointing” and that it has found a number of “significant weaknesses”, especially in relation to higher risk business. The FCA identifies a number of common themes: inadequate governance and oversight of money laundering risk; inadequate risk assessments to identify high risk customers; and poor management of high risk customers, including PEPs, especially in relation to establishing the source of wealth and the source of funds for PEPs. The FCA also found inadequate due diligence on correspondent banks; inadequate or poorly calibrated AML and sanctions-related IT systems; weaknesses in the handling of alerts relating to sanctions and/or transaction monitoring; and also “poor judgements or questionable decisions” leading the firm to take on an unacceptable level of money laundering risk. The regulator has responded to the weaknesses identified in typically robust fashion, ensuring that the firms concerned corrected the weaknesses; obliging a member of senior management to sign a letter of attestation to the effect that the remedial work had been completed and that the AML controls were now effective; and in the more extreme cases, referring two banks to enforcement for serious AML failings. The FCA says that it is “considering whether we should refer more cases to Enforcement later this year as a result of our AML specialist supervision work, in particular our thematic review of smaller banks’ AML and sanctions controls”. In other words, more enforcement action seems to be not just possible, but probable.
The FCA announces in the Report what it calls its “new AML supervision strategy”. Recognising that in the past, it has devoted a good deal of specialist resource to AML work in the largest banks, the FCA says that money laundering risk is not necessarily proportionate to the size of the firm and so in future, it would be directing more resources at those firms that it believes pose a higher risk. Accordingly, firms will be classified into four risk bands, according to the money laundering risk presented, which will be assessed according to such factors as the nature of the firm’s business and where it is located or where it operates. Firms covered by the SAMLP will continue to be subject to the most intensive supervision, with those in the category below being subject to a regular inspection programme, comprising on-site visits lasting between two and three days. The cycle for these visits will be around twenty-four months, at the end of which, the FCA will re-assess the firm’s categorisation and move it up or down, as appropriate. Other firms in the lower risk categories will continue to be subject to thematic reviews and event- driven and reactive supervision by the FCA, so no-one escapes attention entirely.
It has not all been bad news, however. The FCA reports that many banks (particularly, large banks) now recognise that AML is an issue requiring senior management attention and “a strong tone from the top”. The efforts of private banks and wealth management firms were similarly recognised, the FCA finding that these “generally performed better” on AML issues than retail or wholesale banks. It is notable that the FCA does not include any lighter news for the asset management and platform firms, however.
Despite the few words of encouragement and the few positive findings, the message coming from the FCA in its Report is loud and clear: firms are not taking its messages relating to AML systems and controls seriously enough and not enough is being done to address the “significant weaknesses” identified. The industry now faces another wave of thematic reviews, a new and intrusive AML supervisory strategy, the extension of the SAMLP to other firms and the inevitable enforcement actions arising from the findings. The threat is there: make the changes, address the weaknesses, or face the consequences.