Last week, the UK’s Fianncial Conduct Authority published thematic financial crime risk reviews into 21 small banks and ten commercial insurance intermediaries. It also commenced a consultation exercise on its proposed guidance on financial crime systems and controls.
The reviews (available here in a pdf) are relatively short, accessible and informative.
The review rather forlornly observed that despite the FCA’s extensive work to address key issues, there remained significant and widespread weaknesses in most banks’ anti-money laundering systems and controls, and also in some banks’ sanctions controls.
At the top of the league, the review found that some retail, wholesale, and private banks had implemented effective AML/sanctions controls, with private banks generally operating to higher standards by demonstrating good senior management engagement on AML; a good understanding of financial crime risk among key staff; close oversight of high risk customer relationships; and effective use of enhanced due diligence as a basis for identifying potentially suspicious activity.
However, given its extensive AML work in the past, the FCA, expressed disappointment in the discovery of continuing and significant weaknesses in most small banks’ AML systems and controls. Overseas banks were found to face particular AML challenges, particularly, when they relied on other parts of the group to carry out customer due diligence on their behalf, often due to inconsistent policies and a high turnover in senior ex-pat management.
Despite weaknesses in governance at some banks, the review recorded an improvement in the engagement of senior management with AML issues compared with the 2011 review. However, the Banks’ progress in assessing systems against the FCA’s guidance was found to be slow with 75% of the banks visited having only taken action to improve since late 2012 and mostly as a result of enforcement action against rival banks.
The FCA, which provided individual feedback to each reviewed bank, found serious issues in six banks. Four banks agreed to restrict business pending corrective action; three appointed a Financial Services & Markets Act 2000 skilled person to supervise corrective action; and two are now facing enforcement investigations.
A number of extreme examples, encountered during the review, were given to illustrate poor performance:
“A branch of an overseas bank accepted a customer whose ultimate beneficial owner had been charged overseas with 107 counts of money laundering. The board signed off the relationship on the condition that EDD was carried out. However, the file lacked an adequate risk assessment and explanation of how senior management were satisfied that the customer funds were not the proceeds of crime.”
“A small private bank had a customer who was publically alleged to have laundered approximately $700 million with a known corrupt foreign official. Despite classifying the customer as high risk, the bank only identified this allegation a year into the relationship and still failed to conduct adequate EDD [Enchanced Due Diligece] to determine whether the customer’s wealth and the funds used in the relationship were legitimate.”
“One bank classified all of its 2,800 customers as high risk and relied on three staff members to carry out all annual reviews. As a result, the reviews were inadequate, focusing solely on account activity. Another bank, which only decided to introduce annual reviews after our visit, intended for two employees to conduct 1,200 reviews every year in addition to their existing full-time”
“At a UK subsidiary of an overseas bank, the MLRO [Money Laundering Reporting Officer] stated he did not see the value in establishing the source of wealth or source of funds for PEP customers, thereby demonstrating a clear lack of understanding of his legal and regulatory obligations.”
Commercial insurance intermediaries:
The review noted that although considerable progress had been made on internal risks, through training and remuneration, gifts and hospitality policies most were still found to have ineffective anti-bribery and anti-corruption controls with weak senior management oversight.
Only half of those sampled had adequately identified and assessed bribery and corruption risks across both the trading and non-trading aspects of their business. The other half had either not carried out a business-wide bribery and corruption risk assessment, or had only focused on the risks associated with a limited number of relationships rather than assessing the risks associated with all parties in the insurance distribution chain. Consequently, making it impossible to identify exposure or manage risk.
The review considered that the intermediaries’ due diligence of individual relationships was inadequate and often only extended to considering the issue of jurisdiction. Inspectors encountered patchy record keeping, monitoring and accountability resulting in inadequate risk assessment. Although senior management was increasingly involved with bribery and corruption issues, a lack of adequate information still resulted in weak risk management.
Examples of poor performance:
“At two intermediaries, payment monitoring consisted solely of copying senior managers into emails where commission amounts were discussed.”
“At one intermediary, staff members were expected to refresh their ABC [Anti-bribery and Corruption] training on a regular basis. However, most of the staff we interviewed were unsure when they last had this training, and the intermediary had failed to keep records of staff training completed.”
“One intermediary had not considered the potential bribery and corruption risks when it took on a relation of a client as a third party introducer, even though the plan was for him to introduce business from some high-risk jurisdictions.”
The FCA’s consultation exercise on its proposed guidance on financial crime systems and controls is available here (pdf).
Alistair Craig, a commercial barrister practicing in London, is a frequent contributor to the FCPA Blog.