3 February 2023
The Financial Conduct Authority (FCA) has already got the new year off to a flying start, issuing two financial penalties within a day of each other. Guaranty Trust Bank (UK) Limited (GT Bank) and Al Rayan Bank PLC were fined £7.7 million and £4 million respectively, for failing to effectively manage their financial crime risks.
Al Rayan, whose parent company is a subsidiary of a Qatar-based Islamic bank, reportedly failed to establish, implement and maintain appropriate and risk-sensitive policies and procedures in relation to enhanced due diligence (EDD). This was especially in relation to establishing high-risk customers’ Source of Wealth (SOW) and Source of Funds (SOF) at the point of onboarding - and ongoing monitoring in situations of higher risk (see Figure 1). The FCA specifically criticised Al Rayan for relying on due diligence carried out by financial institutions within the group of Gulf Cooperation Council Countries, which it was aware would not meet the required standards under money laundering regulations, and for failing to undertake EDD where it was indicated as required. It also failed to adequately risk-manage the treatment of substantial cash deposits.
Figure 1: A Themis Search risk map detailing Al Rayan Bank Plc’s directors as well as the aforementioned regulatory enforcement
Periodic reviews were not undertaken in accordance with the bank’s own policies, staff training was severely lacking, and Al Rayan failed to undertake an internal audit of its own systems and controls over an eight-year period. Furthermore, Al Rayan failed to address and remediate these weaknesses despite being alerted to them by the FCA.
In a similar vein, GT Bank was penalised for failing to undertake adequate customer risk assessments, customer due diligence (CDD), EDD, SOW and SOF verification, ongoing monitoring, transactional monitoring, staff training, and establish an effective culture under which AML was given due consideration by staff (see Figure 2).
Figure 2 A Themis Search risk map detailing Guaranty Trust Bank (UK) Limited’s directors as well as the aforementioned regulatory enforcement
This isn’t the first time GT Bank has been disciplined by the FCA for serious weaknesses in its AML systems and controls; indeed, in August 2013, the bank was fined £525,000 for similar failings in relation to its AML systems and controls, the repeated nature of which the FCA considers “a direct result of the inability of the senior management within GT Bank, over a prolonged period of time, to formulate and implement an effective plan capable of addressing the weaknesses identified within its AML and financial crime systems and controls”.
Situating these penalties in a more global context, analysis by the Financial Times suggests that fines for AML deficiencies rose internationally by over 50% in 2022 on the previous year, raising concerns that such measures have to date failed to provide enough incentive to firms to adhere to regulations or tighten up their AML controls.
Globally, financial institutions were fined nearly USD 5 billion over the course of last year for infractions relating to sanctions, AML controls and Know Your Customer (KYC) systems - which doesn’t even take into account those related to Russia’s invasion of Ukraine, the legacy and impact of which will be fully realised in years to come (fines tend to be issued retrospectively). Closer to home, the FCA issued a total of £215 million in penalties in 2022, of which over half related to weaknesses in AML controls. These included a £1 million fine to Gatehouse Bank Plc, £2 million to The TJM Partnership Limited and £5 million Ghana International Bank Plc; the most notable, however, was a £108 million to Santander UK Plc for serious, repeated and persistent AML failings between 2012 and 2017, affecting over 560,000 business accounts. Indeed, if Santander had not agreed with the FCA’s findings and settled, earning it a 30% discount, the fine would have amounted to £154 million.
Whilst companies may channel more resources into their AML controls in the aftermath of a fine, these often amount to little more than hot air if not enforced and monitored effectively and supported by a change in culture; as evidenced by a degree of recidivism, especially across the UK and US - illustrated by GT Bank’s recent second fine from the FCA.
Ultimately, some commentators believe that no matter the size of these regulatory pecuniary fines, they pale in comparison to financial institutions’ revenue and profits, meaning firms just aren’t sufficiently disincentivised to enact meaningful change. It’s easy to understand their perspective - although it doesn’t take into account the potential reputational fall out of such penalties which, to some degree, depends on how widely they are reported by the press and whether they capture the public imagination.
Westpac, the Australian multinational bank, was issued with an AUD 1.3 billion regulatory penalty in 2020 for 23 million breaches of AML law, following transactions worth AUD 11 billion which enabled customers to pay for child abuse undetected. That year, the bank saw profits slump by nearly 66% (although it’s difficult, of course, to understand how causation should be accurately apportioned between the related adverse media and the pandemic). Yet it demonstrates, perhaps, that AML deficiencies are considered a more palpable failing in the public consciousness - one more discernible in terms of falling share prices and client footfall - when they can be linked to a specific crime, especially one as visceral as child exploitation, rather than generic weaknesses which may allow nefarious payments to slip through.
Although many firms evidently still see AML controls - including KYC, CDD and ongoing monitoring - as little more than a burdensome regulatory requirement, they really are vital as so much more than a compliance exercise; as the first line of defence against financial crime. Effective enforcement of these controls can have a truly tangible effect on preventing global illicit activity that affects individuals, societies and the environment, including modern slavery, human trafficking, the illegal wildlife trade, and drug crimes.
We’ve put together a CDD Best Practice Guide to help you with untangling the different regulatory requirements and levels of scrutiny required for various risk factors, breaking down the CDD process into its constituent elements, delineating how and when to conduct CDD and advising how to proceed when CDD reveals grounds for suspicion.
Themis Search & Ongoing Monitoring - one of your best lines of defences and allies in your KYC and CDD processes - can also be used to perform global searches for potential financial crime risks in your network. You can screen and produce reports for your clients, suppliers, investors and investments against a multitude of threats, providing 24-hour monitoring of legal entities and individuals.
If you require EDD, our skilled team of investigators has deep and varied experience across a range of sectors and is well-equipped to handle all your queries, requirements and concerns.