Common and Recurring Themes: The 40-point checklist
By Anu Ratan, Senior Global FCC/AML Policy and Advisory Manager | firstname.lastname@example.org
Originally published on: https://www.linkedin.com/in/anuratan. Reprinted with kind permission.
The list below is a summary of my analysis of UK FCA fines for AML between 2002-2015 and common recurring themes identified. This list is by no means exhaustive and should not be considered as a source of regulatory requirements. Please scroll down to the end of the post for the list of fines reviewed and link to the FCA website for the original list of fines.
Key Observation: An interesting observation is that the key failures identified in the first fine in 2002 (earliest available on the site) are very similar in principle to those highlighted in the recent 2015 fine. Also the fines refer to ML Regs, JMLSG Guidance and published FCA Best Practices as the references for review.
Culture of Compliance:
- Failure to demonstrate the culture and level of cooperation expected by the Authority.
Senior Management Oversight (Compliance and Business):
- Roles and Responsibilities: Lack of clarity re roles and responsibilities within Business and Compliance.
- Failure by the Compliance officer to take reasonable steps for implementation of adequate procedures to control money laundering risk.
- Identification of Gaps and Mitigation of Risks:
- Failings not identified by the Firm.
- Failure continued for a considerable amount of time.
- Shortcomings identified in compliance not addressed.
- Gaps in providing key management information to the Money Laundering Reporting Officer (MLRO).
- Reporting to management was informal.
- Resources: Lack of adequate resources in compliance.
- Branches outside London not subject to regular visits by Compliance department.
- Reliance on a system of self-certification of AML compliance by branches.
Policies and Procedures:
- Firm policies and procedures not up to date with regulatory developments.
Risk Assessment Methodology:
- Risk Assessment Methodology did not consider High Risk Products and Services.
Customer Due Diligence:
- Failure in identifying customers adequately especially non-resident individuals, non face to face customers and those incorporated in high-risk and/or less transparent jurisdictions.
- Failure to question high profile clients.
- Failure in obtaining sufficient ‘know your customer’ (KYC) documentation.
- Failure in recording CDD documentation. This also meant:
- Firm could not demonstrate that it had all relevant facts about its customers and so could not show that it had taken all reasonable steps to ensure that customers’ accounts remained suitable.
- Insufficient evidence to show that the clients were who they had claimed to be.
- Lack of understanding of Source of Wealth and Source of Funds.
- Failure to review and fully understand documents in foreign languages.
- CDD checklists not completed and/or reviewed.
- Failure in screening customers against Sanctions and/or PEPs lists.
- Failure in controls for high risk customers e.g., PEPs.
- Inadequate guidance given to staff on how they should assess the classification of a customer resulting in customer classified as lower risk.
- Request to waive identification process approved because of the high-profile nature of the customer.
- Gaps in ongoing review of Customer relationships.
- Failure to understand nature of transaction.
- Transactions not in line with the customer profile (e.g., huge unexpected amounts did not trigger a review of the transaction or the relationship).
- High non-compliance rates found in non-personal accounts where there was an increased risk of actual money laundering taking place.
Suspicious Activity Reporting:
- High Risk Indicators ignored.
- Failed to ensure that suspicious activity reports were promptly considered and reported to the FIU.
- Series of high-risk transactions not followed by adequate investigations or review of account.
Three Lines of Defence:
- Failure in AML compliance monitoring by a central function.
- Concerns around the effectiveness of the internal audit function.
Enterprise Wide Risk Assessment:
- Failure to carry out Enterprise Wide Risk Assessment.
- Failure to carry out gap analysis between regulatory requirements and implementation within the bank.
Training and Education:
- Lack of clarity re roles and responsibilities within Business and Compliance.
- Failure in training employees adequately.
- Failure in revising training content adequately to address shortcomings in AML controls.
- Failure to maintain sufficient records of staff completion of AML training.
- Inadequate training on high risk indicators.
- Failure in checking whether the staff understood their AML responsibilities fully.
- Inadequate guidance given to staff on how they should assess the classification of a customer.
Record Keeping and Retention:
- Failure to keep records of Customer information and also which could evidence what actions had been taken.
List of fines reviewed:
2002 – Royal Bank of Scotland Plc – £750000
2003 – Abbey National Plc – £2,320000
2003 – Northern Bank – £1,250,000
2004 – Bank of Ireland – £375000
2004 – Bank of Scotland – £1,250,000
2004 – Carr Sheppards Crosthwaite – £500,000
2005 – Investment Services UK Limited – £175,000
2005 – Investment Services UK Limited – Managing Director – Ram Melwani – £30,000
2008 – Sindicatum Holdings Limited (SHL) £49,000
2008 – Sindicatum Holdings Limited (SHL) MLRO Michael Wheelhouse – £17,500
2010 – Alpari (UK) Limited – £140000
2010 – Alpari (UK) Limited Sudipto Chattopadhyay (MLRO) – £14,000
2012 – Habib Bank AG Zurich (Habib) – £525,000
2012 – Habib Bank AG Zurich (Habib) former MLRO Syed Itrat Hussain – £17,500
2012 – Coutts – £8.75 million
2013 – EFG Private Bank Ltd – £4,200,000
2013 – Guaranty Trust Bank (UK) Limited – £525,000
2014 – Standard Bank PLC – £7,640,400
2015 – Bank of Beirut (UK) Ltd. – £2.1 m
2015 – Bank of Beirut (UK) Ltd. – Anthony Wills (former compliance officer), and Michael Allin (internal auditor), £19,600 and £9,900, respectively
2015 – Barclays – £72 million
Copyright © Anu Ratan. Posted on LinkedIn in January 2016. Unauthorized use and/or duplication of this analysis without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Anu Ratan and this site with appropriate and specific direction to the original content. Anu Ratan, ICA Dip (AML)