In 2021, NatWest Bank became the first UK bank to be charged with criminal offences related to money laundering. Some commentators believe it will be the first of many other criminal money laundering cases brought by the Financial Conduct Authority (FCA) – time will tell. In the meantime, I believe we should all take a look at the NatWest case and identify what lessons we can learn. After all members of the global anti-money laundering (AML) community want to stop money laundering and ensure criminals cannot abuse the services provided by their banks/firms.
In December 2021, NatWest Bank paid a fine of £264.8 million after pleading guilty to three offences of failing to comply with money laundering (prevention) regulations. Pursuant to the guilty plea and penalty, a substantial Agreed Statement of Facts was published. Notwithstanding the offences committed by the bank, the losses to shareholders and the potential harm posed by the money laundering failures, there was some good news.
Most importantly, the Agreed Statement of Facts presents information related to the handling of cash and dealing with relationship managers who firmly believe in and support their customers, albeit not always honestly and openly.
In 2011 an accountant introduced a business called Fowler Oldfield (FO)[1] to the commercial business unit of NatWest Bank. It is reported and agreed, FO had previously been a customer of a different UK high street bank. The original ‘know your customer’ (KYC) information for FO stated:-
The information presents a precise and confined image of the business of FO. Note there is reference to a single party FO buys gold from, albeit the purchase method is challenging. My immediate reaction to this proposal was, where does the cash come from? In addition, the business presented is simple, closed and involves only a small number of parties. There are many questions as to why and how. Including, why is Travelex paid in cash? And how are the purchases and subsequent sales coordinated?
With the foundation of the relationship in place, business commenced. It was sometime later that there was a significant change and essentially NatWest did not react to or subsequently manage the risks presented by these changes.
Ultimately a series of failures within the bank led to the potential laundering of GBP hundreds of millions, including £264 million in cash. There were system failures; system errors; inadequate quality assurance; poor supervision; no follow through, missed periodic reviews of KYC and the incorrect risk classification of FO, twice. In addition, some lies were told, opportunities were missed, records were not properly maintained and there were undoubtedly AML training issues within the bank.
As well as the case against the bank, 11 people have pleaded guilty to money laundering and a number of others are awaiting trial. The relationship banker was arrested and at the time of publication of the Agreed Statement of Facts, he remained under investigation, but his employment has been terminated by the bank. As the other trials unfold, there will be more information revealed and further reports. This was far bigger than a single business premises laundering money in the city of Bradford.
Notwithstanding the information recorded within the customer file, FO did undertake a lot of cash business, but initially the cash was withdrawn from the bank (£25+ million January 2012 to November 2013). Of course this did not accord with the line:-
‘The Bank would not handle any cash for the business’
There is no indication within The Agreed Statement of Facts that FO was ever challenged over the cash withdrawals and offered alternative financial products/services with reduced costs and risks. The unaudited, abbreviated accounts submitted by FO, for the year ending 31st December 2013, do not reflect a business with a multi-million GBP turnover.
The account activity changed significantly in November 2013 when substantial cash deposits started to be paid into the FO account. These deposits increased over time and reached a peak of £1.8million/day. The cash was deposited in three different ways:-
There was no clear explanation provided as to why the operation of the accounts changed. Following subsequent transaction monitoring alerts generated because of the high volumes of cash paid into FO accounts, the relationship manager offered some explanation and stated the activity was actually in accordance with the cash volumes anticipated when the relationship was initiated. Of course, there is no record of anticipated cash activity when the relationship was initiated. In addition, the relationship manager stated FO’s “stringent AML systems” were reviewed regularly, albeit it is agreed there is no evidence this actually took place[2].
The cash deposited included significant quantities of Scottish bank notes, which did give rise to some concerns and suspicions. Ultimately this case is all about people, cash, risk and suspicion, which are detailed and to some extent examined below.
There were numerous people at NatWest Bank who filed internal suspicious activity reports (SARs). They determined the cash transactions were suspicious, they sought to protect the bank and shareholders, they tried to stop the money laundering. One member of staff within the SARs investigation unit resigned, in part because of this customer, asserting their line manager was pursuing a policy of speed over thoroughness. In other words, the manager advocated the expedient resolution of SARs over the complete investigation of the suspicion presented.
Outside of NatWest Bank, there were other people who identified suspicions related to FO. These included a member of the National Crime Agency (NCA), who advised AML staff at NatWest Bank to file a SAR related to the customer and the prevalence of Scottish bank notes. Unfortunately, senior AML employees within the bank decided not to do so. Then there were AML professionals from another bank who advised suspicion had been identified in relation to their customer who had received funds from the FO’s NatWest account. Once again, NatWest did not file a SAR related to the account, specifically the cash activity of FO.
There were NatWest Bank employees at the cash depots who raised concerns and suspicions, but ultimately in isolation and without aggregation none of the concerns and suspicions led to the submission of a SAR to the financial intelligence unit. Some NatWest Bank branch employees raised concerns – suspicions about the cash deposits. In one instance, a person depositing £5,000 made up solely of £50 notes kindly advised the NatWest Bank employee it could not be money laundering because it was less the £10,000. Of course, the smart NatWest Bank employee determined this was suspicious, but once again, no SAR was filed.
There are a lot of good people out there confronting these issues and taking action, this case should further motivate them and inspire them. In the event they were previously unaware, this Agreed Statement of Facts clearly tells them, you were right, so more of the same please, keep up the good work and don’t let others deter you.
The Agreed Statement of Facts posits the relationship manager fabricated the nature and content of some meetings with FO and between FO and regulators. In multiple instances the relationship manager rejected suspicions and provided explanations for the cash activity being processed through the FO accounts. In each instance the explanation was accepted and as a result, notwithstanding the increasing number of internal SARs, as well as transaction monitoring alerts, the aggregated activity did not lead to the filing of any SARs with the financial intelligence unit.
Cash is one of the most dangerous commodities on Earth, people kill others to steal cash, which is why many businesses pay others to move and store their cash, as well as other valuables. This case has been named by some commentators as the Bradford Laundromat, which suggests the laundering took place in Bradford, but this is not true. The Agreed Statement of Facts informs readers, cash deposits were made into FO accounts in 50 different NatWest branches spread across England.
The BDQ service enabled customers of FO and third parties to deposit cash into any branch equipped with a BDQ service, whereas other parties paid cash over the counter, presenting themselves as customers of FO, making payments. Between July 2014 and September 2016, some £14 million in cash was deposited at the Park Royal branch of NatWest Bank in London. Between January 2015 and March 2016, £42 million of cash was paid into FO accounts at NatWest Bank’s Southall branch in London.
Cash paid into the FO accounts using cash in transit security companies was delivered to five different cash depots, ranging from Washington in Tyne & Wear to Maidstone in Kent. In contrast to all of this, only a mere £12 million of cash was paid into the Bradford branch were FO held its accounts.
Some NatWest Bank staff complained about the scale and volume of cash paid into various branches. In some instances, there was insufficient room within the safes to store the cash, pending collection by a cash in transit, security company. The value of cash paid in using BDQ far exceeded the £10,000 upper limit currently referenced within the bank’s own advertising.
There is no reference to the FO using alternatives to cash or being advised to instruct their customers/third parties to do so. The cash presented logistical problems and risk to NatWest Bank, as most branches are insured to hold limited cash, commonly £50,000 or less. Moving the cash from a branch to a cash depot costs money and whilst the costs are substantially pushed back on to the customer, there are resource implications for NatWest Bank.
FO were presented with significant charges for the handling of the cash paid in and withdrawn from the FO accounts. Consequently, FO became the biggest fee earning account, not only within the Bradford branch, but within the wider region. There can be no doubt this added more challenges to NatWest Bank, the AML officers and other managers.
There were times when NatWest Bank staff requested the customer make more use of cash in transit security companies and NatWest Bank offered to reduce some of the charges to encourage this. Nonetheless, cash continued to flow through the BDQ system and to be presented over the counter. There is no reference within the Agreed Statement of Facts to any cash being rejected, because limits were exceeded or unacceptable risks were presented.
In contrast, during the early stages of the first lockdown I broke open my sealed money box. Times were not hard, it was more a case of the counting all of the coins gave the family and I something to do. When restrictions were eased and I was permitted, I went to my local bank (not NatWest Bank) to deposit the multiple bags of coins, only to be told I was limited to depositing ten bags per day. Not for one moment do I believe this was AML related, rather it was customer care. The bank was managing queues and determined it did not want a coin bag bearing customer to take too much staff time, to the frustration of other customers.
The point being, the bank took control, dictated the terms of business and rejected my cash. Well not quite rejected, but controlled the style, frequency and as a consequence, the value of the deposits I could make. Needless to state, I am not the highest fee paying customer of the branch.
Imagine an organised crime group being made aware of huge sums of cash, in excess of £1million being held at a specific NatWest bank branch and or the movements of a cash in transit security company collecting such sums from a branch of NatWest Bank. Staff within one branch complained to management of the risks presented by BDQ and over the counter cash deposits paid into the branch. Essentially staff were concerned, worried, perhaps even frightened.
There have been instances of criminals making cash deposits into accounts, only for the same branch or sub-post office to be later robbed or burgled, meaning the same cash was stolen.
Too much cash held for too long could invalidate a bank’s insurance cover and further increase the risks posed by the cash, but what about the customer’s risk. The 2013 unaudited accounts for FO show a profit of £57,612 – so how does a business with such a small profit withstand a cashflow loss of £700,000 (the money within two bin liners deposited at one branch of NatWest Bank)? What other risks do the owners and controllers of such a business take? Do they apply adequate due diligence to the cash and their customers who present/pay with the cash? Do they accept the risk, some of the cash may be the proceeds of crime?
Jeffrey Robinson, the author of The Laundrymen stated, ‘Dirty money is like water, it seeks the course of least resistance’. Thus, a substantial risk with such large volumes of cash, sometimes delivered in person, is the appearance of little, perhaps no resistance. This is something the AML professional should look for, because the money launderers and organised criminals may already have found it. In this case, it appears criminals found NatWest Bank to be a place which presented minimal (there were some challenges to FO) resistance to their dirty money.
AML regimes around the world require banks and regulated firms to train staff to report suspicious activity, internally and externally by AML professionals. Thus, we are encouraged to be suspicious, after all, we are often investigating financial crime and managing financial crime risks. Consequently, we train colleagues and we constantly seek to learn more in order to deter, detect and ultimately defeat money launderers. The training includes indicators/red flags for suspicious customers and activity.
As referenced above, there were a number of instances when NatWest Bank staff were suspicious and reported the same. The training worked, but not completely. Two external parties shared their concerns and suspicions with NatWest Bank AML professionals. This presents the question, can a person transfer their suspicion to someone else?
In June 2016, West Yorkshire Police (WYP) engaged with the bank and advised a large-scale money laundering investigation was being conducted upon FO. The bank started to cooperate with WYP, filed a number of retrospective SARs and sometime later the FO accounts were closed. Thus, we learn, suspicion can be transferred, given at this stage, no one had been convicted of money laundering.
The filing of the retrospective SARs proposes NatWest Bank AML managers determined prior suspicions should have led to the filing of the said SARs. In other words, there always was enough suspicion and it was only the intervention by WYP which caused the AML managers to look again at the prior internal SARs and transaction monitoring alerts. Nothing had actually changed, after all, the NCA had previously advised the bank to file a SAR, but AML managers declined to do so. Perhaps pushing back against the transfer of suspicion.
Pursuant to all of the above, NatWest Bank self-disclosed concerns to the FCA, related to AML controls and a potential failure of the same.
There were a lot of suspicion indicators/red flags attached to the FO accounts, transactions and wider relationship management, but central to all of this was the large volumes of cash. Cash remains king in the world of crime, so say the policing experts, which is why banks and regulated firms need to be vigilant and present resistance to the dirty money flows presented by criminals.
There were a number of record keeping issues which arose in this case, not all of which were bad. Some of the internal SARs recorded information provided by the relationship manager and the customer, which would later prove to be false, which is very helpful to law enforcement when they are seeking prosecute offences of dishonesty.
In other instances, there were no records, sometimes, because there was nothing to record and therefore, nothing to supervise, assess or consider when investigating an internal SAR. Essentially the relationship manager did not undertake scheduled periodic KYC reviews for FO and this was not identified within any supervisory or quality assurance process.
The case demonstrates the significance of missing information, which in turn presented missed opportunities for the bank to seek more information from FO, before assessing and analysing the same.
It appears there was inadequate aggregation of information regarding the internal SARs, transaction monitoring alerts and information, concerns presented by external third parties. When all of this is put together, there is a compelling case to file a SAR and close the cash business of FO.
When commentating upon a case such as this, criticism is easy, but of little value, whereas recognition and praise for the things the bank and staff did well, can encourage others to copy/replicate such good work. Hindsight allows everyone to look back and identify areas for improvement as well as opportunities to intervene and frustrate the launderers, therefore we will finish by proposing some controls banks, regulated firms and AML professionals may wish to apply to customers seeking to deposit large sums of cash.
All of the above can protect customers, colleagues and shareholders, whilst simultaneously presenting resistance to dirty money.
As AML professionals we are accustomed to holding difficult conversations with colleagues, sometimes customers, occasionally regulators and a number of third parties. Indeed, this is part of our job description and our daily role. When dealing with suspicions of money laundering, we may need to ask blunt and direct questions, when doing so we should always keep upper most in our minds, how would we answer such questions.
In this case the difficult conversations were between AML colleagues and relationship management teams. It will always be difficult to challenge those managing the highest fee earning customer relationship in the branch, region, country or entire bank, but history has shown, these are often the dangerous relationships, through which funds are being laundered[3].
Suspicion should only evaporate when logical and reasonable explanations are provided. Such explanations should be recorded and where necessary supported by independent evidence. When challenging a relationship manager with concerns or suspicions about their customer, you are essentially challenging their judgment. Always remember, you are the AML expert and you are paid to apply this expertise. Be prepared to request evidence which justifies high volume/value cash activity as well as logical and reasonable explanations as to why alternative financial services are rejected. Know your AML laws and at the same time make yourself aware of the T&Cs with a customer. Think risk, and evaluate the risks being taken by the customer, do they make sense?
In 2022, when assessing this case we find ourselves looking at the very basics of money laundering and AML controls, cash, KYC, risk assessments, transaction monitoring, training, SARs and record keeping. As with all cases, we are presented with an opportunity to learn and we must embrace this.
The primary lesson is control and ownership of control, essentially we, the AML professionals hold the on/off switch for relationships, transactions and accounts. We can say no, or otherwise, we can impose rules, requirements and controls. We tell customers how to use our services and we do not allow the same to be abused. I have always said, people, not banks launder money and conversely people, AML people have the power, influence and control to stop it. Hence, I posit this case is far more about people than it is about, systems and automation.
As the connected trials unfold within the coming months, we may be presented with opportunities to learn more and ensure we present robust resistance to dirty money/cash.
[1] FO is a UK incorporated company (Co.# 06700438) currently in liquidation, which previously operated as a jewellery business in Bradford, Yorkshire
[2] The relationship manager has been arrested and at the time of the publication of The Agreed Statement of Facts, he remains under investigation. His employment with Nat West has been terminated.
[3] This was the case with the 1MBD scandal and Goldman Sachs as well as Danske Bank and it’s Estonian branch, as well as the Bank of New York case, involving Lucy Edwards (a senior bank employee), Peter Berlin (a plumber) and the Delaware companies Becs International Ltd and Benex International Ltd
Copyright © 2022 Martin Woods/AML Woods. All rights reserved.
As with 2020, 2021 was a challenging year and as we enter 2022, we face continued Covid-19 headwinds. There are restrictions upon travel, more working from home, with many firms losing customers and business opportunities. All the while, the global anti-money laundering (AML) community work to comply with laws, regulations and rules, simultaneously seeking to deter, detect, report and all being well, stop money laundering.
Against this backdrop, we want to focus upon positive, thinking, messages, opportunities and hopefully outcomes. The fact is, negative is easy and commonly unproductive. For sure, there is a place for criticism, indeed criticism can identify and present opportunities to adjust or enhance processes. Positive thinking is more engaging, rewarding and when applied to AML it may provide solutions to problems as well as improvements to existing processes.
Positive anti-money laundering solutions and training (PAMLST)
Pursuant to the above I have determined in 2022 my mantra will be PAMLST. I want work with The Laundry, The Global Compliance Institute (GCI) and AMLWoods to create a think tank and natural provider of alternative strategies, intelligence and training solutions for firms and banks seeking to change, enhance or even rebuild their AML frameworks. Please note we do not want to compete with similar groups or organisations, whilst competition is healthy, collaboration is healthier.
Everyone knows change is a constant. Life is change and evolution is change. We should not fight change, albeit it is often a natural instinct, for some people to do so, because they have anxieties about it. We should drive change and in doing so reject the failings within the status quo. We can and therefore, we should do so much more with the AML resources and funds collectively spent by the public and private sectors.
My friend David Lewis, the former Executive Secretary of the Financial Action Task Force (FATF) has made a number of calls for change. In particular, he has previously advised the global AML community not to try and stop all instances of money laundering. Now some may instantly react and ask two questions. Why should we stop pursuing such a noble endeavour? While others will ask, why would he make such a proposal? The answer to both questions is the application of risk-based approach to AML.
The key word here is risk, I will offer some alternative risk thinking later, for the time being we need to accept and apply the very basics of risk management. Our lives are risk based, some very unfortunate people, risk becoming ill or dying when drinking water from rivers, wells and ponds, whereas others wear uniforms and stand on the front line, fighting diseases, whilst accepting, but seeking to mitigate the risk of being infected with such diseases. Many of us take a risk when we walk out of our homes, the roads maybe uneven, and we could fall over. A motorist’s attention may be drawn to a mobile telephone, subsequently causing him/her to crash the vehicle and harming or killing us.
There is always risk, but such risks do not stop us living our lives. When the risks are very high, such as the infection risks from Covid-19, governments impose additional restrictions to protect citizens, including the brave health workers on the front line fighting the virus. In the world of AML, risk-based means there will be a risk money will be laundered, notwithstanding the controls put in place, but we must carry on with our legitimate business and accept such risks.
Historically the global AML community has applied a risk model of high, medium/standard and low. Variations have seen some instances which have added ultra-high and simplified risk. Perhaps 2022 is the time to think about an alternative approach, similar to the risk-based approach applied by airlines and airports. Here there is a constant reliance upon intelligence and scientific advice.
Airline passengers are permitted to carry small quantities of liquid (no more than 50ml), within a small bag. There is a tolerance of the risk presented by such small quantities of liquid. Beyond this tolerated risk, there is the managed risk of passengers carrying medication and young parents carrying milk for their babies. Outside of these parameters the risks, including containers with more than 50ml of liquid are rejected.
There is no discretion at the airport, the rules are robustly enforced and passengers accept the same as terms and conditions of travel. Drawing upon the lessons presented by the passenger airline industry, we could reconsider our approach to risk and perhaps tolerate the low level of money laundering risk presented by groups of customers, accounts, transactions and products. It is not common practice at an airport for every case to be searched and/or every 50ml container of liquid be examined.
Applying alternative thinking, should we now be looking for the accounts, customers and transactions which present a low level of tolerated risk? Note, this is not a proposal of no risk, as stated above, there is always some risk, but we cannot be all things to all money laundering risks, at all times. To some this is a bold proposal, but at the same time it is logical. Imagine a policy of physically searching all luggage and examining all liquids at an airport?
Tolerated risk can be based upon, value, volume, frequency and method of transactions. With this in mind, can we apply some statistics, some science to the risk-based approach to AML? Low value credits present a low money laundering risk. To which some readers quite rightly raise the issues of accounts being used by young people to launder the proceeds of ‘county lines’ drug trafficking. Remember there are some instances when airport employees do examine the contents of some 50ml liquid containers. Moreover, there are always simple controls which can be added or adjusted to attend to new or specific money laundering risks.
So back to these low value, tolerated, money laundering risks, which could include personal accounts with a small, perhaps a single, monthly credit from a known legitimate source. Other factors could include, no international transactions, no cash transactions and low value debits.
It is not about the prior or existing AML processes and thinking, rather it is about possibilities presented in 2022, with new positive thinking and the courage to drive the changes required to make a difference and improve the outcomes. During the course of 2022, we will dissect some of the prior money laundering prosecutions and regulatory actions, not to be critical but learn from and provoke debate around change.
The money laundering threats have not changed considerably, of course there are new products and services which can be used/abused by money launderers, including crypto currencies and digital assets, albeit these are not as friendly to launderers as may be typically perceived. Cash remains king, because it breaks audit trails and simultaneously removes credit risk within the world of crime. It is the auditability of crypto currencies which has led to huge losses to organised crime groups. The lessons we need to extract from cash is to understand how our customers handle cash, the risks they take and how these risks impact our business. Please look out for the cash paper we will publish in Q1 of 2022.
The second risk which remains unchanged is that of international payments, using correspondent banking. Money launderers have always sought to move the proceeds of their crimes out of the countries and jurisdictions where the predicate crimes were committed. Connected to this is the use of corporate entities, both offshore and on shore. Bluntly, money launderers do not use personal accounts for a number of reasons, which is evidenced within almost all prior major money laundering prosecutions.
The risks presented by politically exposed persons (PEPs) has evolved from despots stealing vast sums of public money and laundering the same in other countries, but such despots and high-ranking politicians continue to present the highest level of PEP risk.
You are, most importantly, your customers are not in charge, you can determine the tolerated, managed and most importantly rejected risks. You can tell customers whether they can deposit cash and what value is tolerated. You can say no to cash; you can tell them where, when and how to deposit cash. If they don’t like your instructions they can take their cash, their business and their risks somewhere else.
Let me give you some context, during lockdown I broke my smash pot containing thousands of coins and a small number of notes. When I was permitted to deposit the coins into my personal account, my bank restricted me to ten bags of coins each day. I fully accepted this very sensible rule, I am not a money launderer I didn’t argue. The rule was put in place for the benefit of all customers, who did not wish to queue behind a man with 100 bags of coins.
You can make, apply and enforce the AML rules in your firm, which should ensure you reject any customer delivering £700,000 within two black bin bags. Such cash handling presents huge risks to customers, as well as bank employees, your colleagues and these risks should be rejected by AML professionals.
Training should be focused upon how to help you to apply the laws, stop money laundering, protect shareholders/staff and save money. We change all of the time, because risks change, throughout 2022, The Laundry will keep you updated and these publications will help some of you to do far more with much less, by applying a tolerance to money laundering risk. We must retain a positive mindset and collectively assert well trained employees have the potential to stop money laundering and save lives, while simultaneously saving employers and shareholders money by better focusing collective AML endeavour. We aim to help firms, banks and individuals achieve their full AML potential in 2022.
We very much look forward to working with you and will seek to measure our AML progress in 2022.
Copyright © 2022 Martin Woods. All rights reserved.
Last month, law enforcement agencies around the world arrested more than 800 members of organised crime groups. Most were not caught in the act of committing a crime. Instead, they were asleep in their beds, possibly believing they were safe as the crimes had been committed some time ago and they had not been caught. Well, it’s happened again, communication has been their downfall. Only this time law enforcement officials did not need to break a code, because this time, they controlled the code.
The case of ANOM, within which law enforcement agencies infiltrated organised crime by providing secure communication devices. The devices were modified mobile telephones which communicated upon a secure network. Criminals were led to believe their communications would be secure and the network could not be penetrated by law enforcements agencies. Unbeknownst to the criminals, law enforcement agencies had total control over and unlimited access to the network. Consequently, law enforcement agencies intercepted and analysed millions of messages, some of which were reported as plans to commit murders.
The case once again highlights, the importance and simultaneously the vulnerability of communication. It has been said armies, and for this article we will include organised crime armies are at their weakest when communicating. Of course, the Enigma machine created by Alan Turing and others during WWII bears testimony to this.
Now, I am not suggesting we as compliance and risk professionals should spy upon our clients, on the contrary we should be working to stop other people spying upon them. That stated, we should fully understand and exploit those moments when we are in communication with our clients, as these present opportunities to project our business; to protect legitimate clients and to potentially deter, detect or frustrate criminals who seek to abuse our services. Furthermore, information gleaned from bad actors may one day be of significant evidential importance within an investigation or prosecution.
When communicating with clients we can use the opportunity to educate them, indeed warn them regarding emerging fraud and money laundering threats or trends. Moreover, we can advise clients how we communicate with them, and specifically advise the kind of intrusive privacy questions we do not ask of clients. Of course, fraudsters do ask such questions, as they seek to obtain personal data by way of artifice and then use the same to defraud the clients. Most importantly, always tell clients to feel free to put a phone down, stop answering questions and emails at anytime, in the event they feel uncomfortable.
Thus, how we communicate with clients as well as when and most importantly how such communication is recorded and retained is very important. It is has always been held that face-to-face engagement with prospective clients reduces risks presented by financial criminals, because they do not want to show their face. This is why criminals use offshore companies, corporate accommodation addresses and nominee parties who pretend to be the owners or controllers of such offshore companies. It is our job to get beyond these nominees and identify the ultimate beneficial owners and controllers.
In the event a client or prospective client is reluctant to communicate with us, we should immediately identify bright red flag. Such reluctance often indicates there are parties who are seeking to hide and do not want to be identified. Communication should not let us down, rather it should serve as a shield would we ever be challenged as to why a prospective client was approved or a relationship with an existing client was terminated.
It was the records of the communications which led to the arrest of the criminals and will ultimately led to their conviction. Essentially law enforcement agencies have irrevocable records of what was said, when, where, by whom to whom. These connections will not be based upon the vague recollection of a witness, no they will be based upon robust communication records. Thus, financial crime and compliance professionals must make and maintain records, which extend beyond a ‘know your client’ (KYC) process, to records of conversations with clients, relationship managers and colleagues.
Making and maintaining communication records will serve you well and allow you to rely upon the same should you subsequently be cross examined upon your actions. Absent to records, the financial crime and compliance professionals invite unwanted scrutiny, challenge and even doubt.
There was a time when the pen was mightier than the sward, but in 2021, technology has taken over from the pen. Mobile telephones communicate in many ways and can effectively talk to systems even when we are not actually using them to communicate. Data extracted from mobile telephones can place devices and users in specific places at certain times. Pursuant to which surveillance cameras may also make a record of our presence at specific locations at certain times.
We live in an age of surveillance and whilst we have nothing to hide and no one to hide from, we should always assume we are being watched and what we say may be recorded. Nowadays everything we write is automatically recorded by the devices we use. Very few law enforcement and regulatory investigations are undertaken without using electronic data, in particular mobile telephone records.
We should assume that at some point in time, law enforcement will obtain and may already hold recordings of organised crime groups holding conversations with professional money launderers, including lawyers, accountants and bankers. Such conversations may one day present as evidence which convicts one or more professional launderers.
We may need to update our training to protect our colleagues and shareholders. Simultaneously, we should ensure we never lie to customers, because the customers may be recording the conversations and the lies may later be revealed and cause unnecessary problems.
Copyright © 2021 Martin Woods. All rights reserved.
On 18th May, Mark Steward, Executive Director of Enforcement & Market Oversight at the Financial Conduct Authority (FCA) gave a speech at the FCA Investigations and Enforcement Summit. The speech was titled – The rise in scams and the threat to the legitimate financial services industry. This followed an acknowledgment from the UK government, which accepted on-line fraud was the fastest growing crime in the UK. Thus, you are far more likely to be mugged on-line than walking down your local high street.
Notwithstanding the ongoing efforts of banks and other regulated firms, all are coming under increasing pressure to prevent fraud. Where they fail, they are being ordered to compensate customers who become victims of frauds undertaken within their accounts.
Funds and assets fraudulently extracted from legitimate financial services industry undermine investor/consumer confidence, fund further crimes and harms victims who suffer losses. The FCA are on the front foot and are now more proactively engaged in confronting the fraudsters and protecting consumers than ever before.
One of the tools used by the FCA is a Warning List which is updated almost daily with new scam data, including names of entities and cloned entities (using the name of an existing FCA regulated firm). Consumers are encouraged to use the list to validate the authorised status of firms and protect themselves. Conversely, FCA regulated firms are encouraged to search the Warning List, in order to ensure they do not provide services to, nor facilitate business with any firms named thereon.
One of the highlights of Mark Steward’s speech was listed as-
“However, firms should be doing more to prevent harm also and regulated firms who let down their guard, especially in assisting firms on our Warning List, may well face action from us for doing so as well.”
Some will ponder, does this extend to paying customers’ funds to a party on the list, constitute “letting their guard down” and what are the consequences of doing so?
There are thousands of names on the list, which is presented in date order (most recent updates feature on page one), but the format can be changed to alphabetical order. Behind the names, there are often websites, phone numbers and physical addresses, both in the UK and overseas.
It is clear, Mark Steward and the FCA expect firms to use the Warning List and there appear to be consequences for any firms who fail to do so and as a result, provide services or funds to parties on the List. Okay, so what of the people, connected parties and even addresses behind the list? How much due diligence and investigations should a bank/firm undertake in relation to connected parties on the FCA Warning List?
The fact is, these scams are seldom isolated or orphans, many are connected to each other, some feed off each other, by offering to recover funds for victims, for a fee, of course. The same parties are behind multiple frauds and often, the same addresses are used. This poses the question, should firms be searching or monitoring the addresses used by the fraudsters, many of which are accommodation addresses.
A week after Mark Steward’s speech, the FCA updated the Warning List with details of a suspected scam named, Fixed Rates Finder, with an address of 12 Constance Street, London E16 2DQ. The address is also known as International House and as of 31 May 2021, some 8944 UK incorporated entities have been registered at this address, it is a business accommodation addresss. None of the UK entities is called Fixed Rates Finder.
12 Constance Street is also listed as a virtual office, near to London City Airport and is designated as the postal address for corporate entities connected to a company called Registered Address Ltd. The registered address of this company is shown as International House, 24 Holborn Viaduct, London EC1A 2BN (There are 7513 UK incorporated entities registered at this address) and one of the company officers is registered at International House, 124 Cromwell Road, London SW7 4ET (There are 569 UK incorporated entities registered at this address). These addresses are in turn connected to other “International House” addresses across London. There are also International Houses in Scotland and Wales, listed upon a website for this group.
So, what is Fixed Rates Finder? The FCA have caused the website for this alleged scam to be suspended and advised potential victims to contact them. Presently, we do not know if there is/was a legal entity and where such an entity may have been incorporated. What we do know is the parties behind this suspected scam made use of an accommodation address in East London. What we do not know, is how they were able to use the address within promotions of a suspected scam. Following the publication of the FCA warning, we do not know what actions the address providers have taken.
Ultimately, when combatting fraud, this is all about action. Specifically, the FCA have stated, “The FCA has a substantial role to play here and we are upping our game. We need all of you to do so as well if there is to be a truly effective force field in place.” Thus, what is your game and will it meet with FCA approval? What more can you do to counter the threats from and damage caused by fraud? The answer may lie in the abstract, the sub data, behind the FCA Warning List, including the accommodation addresses the fraudsters use.
Whilst the FCA endeavour to be proactive in the fight against fraud, the fact is the Warning List is substantially reactionary. Consequently, your firm may already be contaminated by and engaged with one of these parties by the time the FCA add the name to the Warning List. Using the address data will present firms and banks with a greater opportunity to identify potentially fraudulent schemes and parties.
In the event this does not fit into your game plan, you may find yourself offside. The data is available and when deployed it produces benefits to all. All, except the fraudsters, who will be frustrated as their attacks upon your firm/bank fail, because of the improvements in your defence.
Failure to improve your game, resulting in a weakened and slow defence will put your bank/firm at risk. Such weaknesses will present as a vulnerability and opportunity to fraudsters who will exploit it. Subsequently, such firms/banks will become the focus of unwanted regulatory attention and penalties will likely follow. The data could be a game changer and enable firms/banks to facilitate the prevention of frauds by forwarding details of other potential frauds, which the FCA can add to the Warning List. When working together, operating a press defence there is an increased likelihood, your game will improve and together, we will win.
Copyright © 2021 Martin Woods. All rights reserved.
“Stop money laundering, save lives” 1
“Stay at home, save lives” 2
Here’s the thing, Covid-19 and money laundering are both killers, which spread rapidly when unchecked and present differing levels of risk when controls are not put in place. There are different kinds of money laundering, there are variants of Covid-19. Both present a threat and whereas there are vaccines that may one day eradicate Covid-19, money laundering is here forever.
If we accept that money laundering is a virus, what is it the anti-money laundering (AML) community can learn from the last 12 months? Moreover, can we identify high-risk regions; high money laundering ‘R’ rates and can we apply a process of “test, contact and trace” to reduce the spread of, as well as threats from, money laundering?
All over the world governments are taking unprecedented actions to save lives, threatened by the spread of Covid-19. This virus is easily spread amongst crowds, as well as through close contact between family, friends and professionals. Consequently, governments have imposed restrictions in all areas of our lives. Some have imposed ‘lockdowns’ and demanded we stay at home, only venturing outdoors for essential journeys.
At a global level, the virus has mutated in different countries and there are now new, more virulent strains. Consequently, governments have identified high-risk countries and implemented yet more restrictions. At a national level, where regions have been found to have higher ‘R’ rates – reproduction rates of the virus – additional lockdowns have been applied.
AML professionals are familiar with high-risk countries, customers/people, products and transactions. In many instances, governments have made calculated risk decisions to sacrifice economic stability and growth in order to save lives and protect health services. At all times, governments have monitored and reacted to the ‘R’ rates.
At a global level, some countries present a high risk of money laundering: both the European Union (EU) and the Financial Action task Force (FATF) publish grey and blacklists of such jurisdictions. At the national level, the micro level, the AML risk ratings disappear and, consequently, the virus of money laundering spreads.
In September 2020, here in the UK, the ‘R’ rates for Covid 19 began to increase; simultaneously, the BBC Panorama team broadcast a documentary highlighting UK connections to the FinCEN Leaks and the laundering of US$ billions. The programme inadvertently referenced the money laundering ‘R’ rate of an address on the outskirts of North London.
Documents from U.S. authorities asserted that Suite 2b, 175 Darkes Lane, Potters Bar, Hertfordshire was one of the highest risk money laundering addresses in the world. For sure, it has a very high ‘R’ rate in the U.S. and, likewise, should be viewed by UK-based AML professionals as a highly infectious money laundering address, an inflamed and radiant virus hotspot.
The address has featured in a number of significant money laundering allegations and investigations; perhaps the most prominent is the money laundering conducted through Danske Bank and Deutsche Bank using U.K.-incorporated limited liability partnerships (LLPs), specifically Ergoinvest LLP and Chadborg Trade LLP. In 2013 and 2014, both entities reported identical profit and loss returns of UK£19,853 and UK£19,183, pursuant to which Panorama reported documents seen by the journalists, showing that at least UK£535m went through Ergoinvest and UK£1.99bn through Chadborg.
All documents submitted to Companies House for both LLPs are signed by someone called Ali Moullaye, on behalf of one of the partners, Kenmark Inc., registered in the Dominican Republic, along with the other partner, Ostberg Ltd.
Applying the process of test, contract and trace to Suite 2B 175 Darkes Lane, Potters Bar has established that some 1183 U.K.-incorporated legal entities are registered at this address and some remain active. Both Chadborg and ErgoInvest were incorporated on 10 September 2012. On that day, 99 other LLP entities were incorporated: 30 were initially registered to the same 175 Darkes Lane address and 21 others were indirectly connected to Chadborg and ErgoInvest. One of the LLPs registered to 175 Darkes Lane remains active.
The partners Kenmark Inc and Ostberg Ltd have been or remain partners for 507 and 508 U.K.-incorporated LLP entities. In addition, they are connected to 14 other U.K. addresses. In many instances, these two corporate partners replaced other partners which had previously been connected to money laundering allegations and investigations; these included:
Each of these corporate partners was registered in Belize and each had previously been appointed as partner to as many as of 3,000 U.K.-incorporated LLPs. The corporate partners, Milltown Corporate Services and Ireland and Overseas Acquisitions, have featured substantially in the widely reported Laundromat Investigations undertaken by the Organised Crime & Corruption Reporting Project (OCCRP). They also featured in the money laundering taking place at Wachovia Bank (now part of Wells Fargo), for which the bank was fined US$160 million.
These corporate partners operate as nominees, behind which the real partners/beneficiaries are located, directly or indirectly. Sometimes ownership and control of theses LLP entities is layered behind a series of other overseas corporate nominee partners. The presence of these particular nominees presents an increased level of risk and simultaneously hides other risks which cannot be seen or assessed.
The symptoms of Covid-19 include a constant dry cough, a high temperature and a loss of the senses of taste/smell; knowing this helps people to self-diagnose and protect themselves, their families and friends. At a higher level, governments assess the numbers in order to determine localised ‘R’ rates and strategies for countering the threats posed by the emergence of new variants of the virus.
So, what are the symptoms of money laundering we should aim to find, assess and manage? Moreover, what are the money laundering ‘R’ rates that pose significant money laundering infection risks to firms?
Using Suite 2b 175 Darkes Lane as an example, a prominent symptom is the presence of an address that has featured in previous money laundering investigations and/or allegations.
Then there are the nominee partners, hiding true owners and other nominee partners, which present even more severe symptoms, having also featured in prior money laundering allegations and investigations.
Furthermore, some parties submit false accounts to Companies House. Such accounts are often identified, alongside the signatories, who have also featured in prior money laundering investigations.
If all these symptoms are present it is possible to identify addresses that glow like inflamed sores and connect to other addresses/inflamed sores, causing the virus of money laundering to spread.
Addresses like Suite 2b, 175 Darkes Lane have, according to my diagnosis, a very high money laundering ‘R’ rate. Which is helpful to know, as it means financial institutions and firms are then able to avoid infection and the increased money laundering risk that such locations present.
Of course, it’s only reasonable to assume that some of the corporate entities registered at these high ML risk addresses are engaged in legitimate business, but they have nonetheless been contaminated by the address. In the event a financial institution or firm decides that the risk of frustrating and rejecting legitimate business outweigh the threat posed by highly suspicious, money laundering-connected businesses, they will expose themselves to the virus of money laundering.
During the Great Plague of London in 1666, the authorities sought to reduce and prevent the spread of infection by identifying high-risk addresses. Essentially, any address in which an infected person resided was literally labelled as high risk – a red cross was painted on the door, which was boarded and nailed shut to prevent the inhabitants from going out and spreading the disease. It was a draconian measure, which effectively handed a death sentence to all those resident at the address, but on the sound premise that all inside would have contracted the plague from the infected person with whom they lived.
More recently, governments have imposed stronger lockdowns where there are higher rates of infection and simultaneously restricted movement into and out of these areas. All the while, governments acknowledged these measures would be indiscriminate and, as such, would be applied to people who were in some way immune to Covid-19, but blanket controls were considered to be necessary and effective.
The Laundromat Investigations have published the names and addresses of the U.K.-incorporated LLP entities that have featured in their investigations, but this money laundering intelligence has not been fully exploited by financial institutions and firms. Consequently, launderers have remained calm and carried on laundering. Ultimately, the failure by banks to counter this threat has cost executives their jobs with substantial penalties paid to settle regulatory and criminal cases.
As with legitimate businesses registered to one of the addresses with a high ‘R’ rate for money laundering, there are people who are immune to Covid-19, whereas others will have unknowingly contracted the virus and developed antibodies.
Governments estimate that as many as one in three people can be infected by Covid-19 and not know it. Such people can unwittingly spread the virus whilst not displaying any symptoms. Conversely, there are some symptoms of the virus which exist, but are neither seen nor acknowledged. Similarly, some corporate entities have hidden symptoms of money laundering, by virtue of characteristics which are not present, as much as some red flags which can be seen.
All the U.K.-incorporated LLP entities previously mentioned as having links to high profile money laundering allegations and investigations submitted false accounts to Companies House. In addition, none had registered for VAT; none had registered with the Information Commissioner; and none had a website. Essentially, all the entities had hidden money laundering red flags, which contributed to and increased the money laundering risk.
Then there are the groups, the crowds or, in terms of Covid-19, the absence of such groups and crowds. In order to reduce risk and the spread of infection, governments have imposed restrictions on people coming together, which has meant cancelled sporting events, Christmas parties, weddings and much smaller attendances at funerals. All these measures have made a significant contribution to reducing the spread of the virus. In contrast, many of the U.K.-incorporated LLPs connected to money laundering investigations and allegations were incorporated in groups, often on the same day, as we have seen.
Such U.K.-incorporated LLP entities seldom sit in isolation, which means there is an increased risk of money laundering infection for financial institutions and firms that deal with corporate entities based at addresses with high money laundering ‘R’ rates. Data on corporate entities, in particular their address, should be used to identify other, existing areas of money laundering infection/risk and to prevent it coming into contact with and contaminating a financial institution or firm.
Each person infected with Covid-19 may be impacted differently: some people will just carry the virus, display no symptoms and suffer no adverse health issues; at the other extreme, Covid-19 may be the cause of death. The common factor is the presence of the virus, seen or unseen. By analogy, each of the U.K.-incorporated U.K. LLP entities is unique in name and number, albeit, as they are often incorporated in groups, sometimes sequential registration numbers and similar naming characteristics will be evident. The common factors are the addresses and the pairs of overseas, nominee, corporate partners.
Just as government policies and strategies have been influenced by ‘R’ rates for Covid-19, AML and financial crime practitioners must use the money laundering ‘R’ rates to protect their financial institution/firm, colleagues, executives, shareholders and legitimate customers from infection by money laundering. Moving from a micro analysis of an individual corporate entity to the screening of prominent high ‘R’ rate money laundering addresses will prevent money laundering, reduce costs, save time and ultimately may save lives.
1 David Lewis, Executive Secretary Financial Action Task Force (FATF)
2 World leaders (well, most of them)
Copyright © 2021 Martin Woods. All rights reserved.
On 7 June 2021, I was presented with a LinkedIn notification which informed me a group of AML & KYC Leaders had welcomed its 7000th member. “Wow”, I commented and added, “No soldiers?” Obviously, there is no AML & KYC soldier group, because on this social media-business dating App, we project a more flattering image of ourselves. Of course, there are 1000s of AML and KYC soldiers, after all the management of these two disciplines has become a body count business and consequently there are some vast AML and KYC armies out there.
Back to these leaders, I pondered, who are they? Where are they? Am I one of them? I wasn’t referring to myself as a leader, I was just unsure if I was a member of the group, I don’t believe I am. I may have been at one time, I am not sure and if I was, I have likely been excommunicated for my insubordination towards the leaders.
So who or what is a leader? I have lifted this definition from Google:-
“A leader is someone who can see how things can be improved and who rallies people to move toward that better vision. Leaders can work toward making their vision a reality while putting people first. Just being able to motivate people isn’t enough – leaders need to be empathetic and connect with people to be successful.”
That’s good news, the disciplines of AML and KYC have 7000 leaders who can see how outcomes and processes can be improved, they have a vision, are rallying the soldiers and they are taking us to a better place/vision. Pause a minute, in the event they all see it differently we may simultaneously be heading in 7000 different directions. So, is there a leader of the leaders? Well, the answer is, yes and his name is David Lewis, the Executive Secretary of the Financial Action Task Force (FATF). I do not know if David is a member of this specific LinkedIn group, but I have previously stated he is effectively the leader of the global AML community.
Moreover, he has the characteristics of a leader with a vision. In 2020, when interviewed1 about global AML efforts and outcomes, he said, “I would sum up the results as ‘everyone is doing badly, but some are doing less badly than others,’”. Sometimes, to have a vision of where you need to go, you need to understand where you are, before you embark upon the journey.
David Lewis had the courage to call out our collective AML failings along with empathy, as he placed himself and the FATF in the failing group. When I spoke with him about this, he acknowledged the FATF had failed in some areas, and he was initiating change, he knows where the FATF needs to go and has a vision of how to get there.
Now back to these 7000 ladies and gentlemen within the LinkedIn group, I must hope that they too can acknowledge our collective failures, I personally am a failed AML professional, I must be, because that is my business and I am either doing badly or less badly than other failed AML professionals. I am not at all offended by David’s comment. On the contrary, I find the statement liberating and motivating, because it helps me to see there is a problem and I need to do better.
For the time being I am content to be a soldier and follow David Lewis’ leadership, because I think he is taking AML and KYC to a better place. In contrast, I am not sure who the 7000 members of the LinkedIn group are, or where they are heading to.
1Interview conducted by Simon Bowers, then of the International Consortium of Investigative Journalists (ICIJ): https://www.icij.org/investigations/panama-papers/everyone-is-doing-badly-anti-money-laundering-czar-warns/
Copyright © 2021 Martin Woods. All rights reserved.
I have just read a short piece by my friend BC Tan, in which he commented upon the annual Thomson Reuters publication, The Cost of Compliance. BC referenced the survey of the top 3 skill sets required for an ideal compliance officer in 2021, being:
1. Subject matter expertise
2. Communication skills
3. Ability to anticipate future regulatory trends
This caused me to ponder, is integrity a skillset or a characteristic? Is subject matter expertise, an acquired skill set? I believe I have the requisite skills, but I am not the ideal compliance officer in 2021, indeed, I have not been for many years. The reason being is I cannot be trusted. It’s not that I am dishonest, on the contrary I have a profile and a reputation for being very honest. I do not have a criminal record and I have a robust credit history. I hold diplomas in anti-money laundering (AML) and financial crime, as well as fraud investigation qualifications. I have previously held the roles of money laundering reporting officer (MLRO) and head of financial crime, so I think I am qualified and experienced, but I am not ideal.
The reason I am not trusted is because in 2008, I blew the whistle against my former employer, Wachovia Bank NA, now part of Wells Fargo Bank NA and as such I went against the bank. I stood alone and said, laundering money for Mexican drug cartels and Eastern European organised crime groups was/is wrong. It was as though, I was the problem, not the money laundering customers. All was well until Martin Woods opened his mouth and told tales.
To some I am a traitor, to many, my actions mark me out as a man who cannot be trusted. The irony of it, I am too honest to work for a bank. Over the years I have applied for hundreds of AML and financial crime roles at various banks. In some instances, I secured interviews, in one instance, I secured a contract, which was later withdrawn and in another, a contract was in the process of being drafted, but it never arrived.
Circa 2010/2011, I was interviewed for an interim role as MLRO covering maternity leave for the corporate and commercial banking division of the Royal Bank of Scotland (RBS), now NatWest Bank. I distinctly recollect one of the senior bankers who interviewed me saying he would want me to do exactly what I had previously done at Wachovia Bank and that was why he wanted to hire me. I was uplifted by the words and commitment. Later, the employment agent advised the contract was being drafted. This is the contract that never arrived.
For a number of years, I had grown increasingly perplexed and frustrated, it was not until I was recruited as the MLRO for Thomson Reuters (Reuters) foreign exchange trading business, that I learned what had happened. Upon employing me, Reuters submitted a form ‘A’ to the Financial Conduct Authority (FCA) and requested their approval to appoint me as the MLRO. To my surprise, this request was declined. I was in limbo, I had a role, but I would be unable to fulfil it if the FCA withheld their approval.
The situation was not immediately resolved, in fact it took 91 days to overcome the issues presented by the FCA. It transpired, I had been labelled as a ‘non-routine’, which effectively blocked me receiving approval from the FCA. Most firms and banks are immediately put off when they see this and consequently do not proceed with the application and the candidate.
Interestingly the same year in 2012, the FCA took three days to approve an FX manager as MLRO for a business Reuters had acquired. The man couldn’t spell AML, let alone tell you what it meant. So, there I was, qualified for the role and credit to Reuters, they had hired me because I was a whistleblower, nothing was hidden and they trusted me. Importantly, they backed me in my confrontation with the FCA.
I engaged lawyers and discovered the FCA alleged I had breached a non-disclosure agreement (NDA) I had signed with Wells Fargo. I hadn’t, Wells Fargo, the other party to a confidential agreement, determined I hadn’t and after allowing the FCA to see the agreement, they reluctantly agreed and my appointment as MLRO was approved.
I remained angry and intrigued as to what had taken place, why and how. In January 2013 I served legal notice upon the FCA (Data Protection Act, subject access request) and received copies of hundreds of documents, including emails and reports which discussed me or related to me. I discovered, it was in fact the FCA, not the banks who did not trust me, perhaps more accurately, did not like me.
The blunt fact is the FCA do not like whistleblowers, because when you blow the whistle upon a regulated firm or bank, you are likely to be simultaneously blowing the whistle upon regulatory failure. Moreover, the parties you are blowing the whistle upon, actually pay the salaries of the regulators, in the form of fees. Be warned, big banks pay a lot of fees.
Upon reading the documents I obtained from the FCA I established senior managers within the FCA were concerned that I would say something negative about a function of the FCA, namely the whistleblowing department, given the way they had treated me.
In early 2010, a third party sent the senior managers an email, attached to which was a promotional document for a financial crime conference I was scheduled to present at in Miami, later that year. The document specifically stated I would not breach my NDA, instead I would talk generically about what actions a person could take if they discovered or suspected criminal conduct within their firm/bank.
The FCA ignored the reference to me not breaching the NDA, which they mistakenly believed prevented me from saying anything at all about the money laundering at Wachovia Bank. On the contrary, the NDA only prohibited me telling lies about the bank. Well, I am a whistleblower, my sword and my shield is the truth. Moreover why would I decide to tell lies about the bank when the truth presented an incredibly compelling narrative of a bank which some say, almost made money laundering a core business. One commentator actually described the bank as the world’s first full service, narco bank.
Back then in 2010, the FCA asked Well Fargo if they would be taking action against me for breaching a confidential NDA, that the FCA had never seen. Wells Fargo stated they would not be taking any action. This was logical, because there had been no breach and this would remain the case in Miami later that year.
Within the email dialogue between the senior managers, they accused me of talking to the media, which, at that time, I had not done so. Given I was in fact the one person at that time encouraging people to blow the whistle to regulators, what was the harm in talking to the media?
Frustrated and fearful of me saying negative things about the FCA, the senior managers hatched a plan. They fabricated allegations against me, alleging I had breached a NDA and in doing so I had placed a question mark against my integrity, which challenged whether I was fit and proper to work in the regulated sector, should I decide to return to work in the future. In order to hide their actions and identities, they invented a non-existent whistleblower and attributed these allegations to this non-existent person. Then, they had a colleague create a fake whistleblowing report and attach the same to my personal file, thereby labelling me non-routine.
It was a spiteful act of revenge by a group of men who disliked my criticism of them and the FCA. I had been blacklisted and they had put in place a label which they hoped would hurt me and stop me ever again being approved by the FCA to undertake the role of MLRO and stop money laundering.
One of the roles this action impacted was the temporary maternity cover with RBS/NatWest Bank.
I complained to the FCA and alleged a lack of integrity by a number of senior managers, as well as malicious conduct. The FCA’s complaints department did not agree with my allegations of misconduct by FCA staff, instead they said there had been ‘some relatively minor failings’, which ‘demonstrated a lack of care’.
Minor failings extended to:-
All of which shows a ‘lack of care’. Which is not true, they cared very much, they cared enough to behave in such a deceitful way.
Furthermore, in justifying these actions and the ‘relatively minor failings’, the FCA’s response continued the deceit and suggested intelligence had been received which alleged I had breached the NDA. This was not true, there was no intelligence, beyond a simple ‘FYI’ referring to the promotional document for the event in Miami. The cover up was taking place.
Pursuant to which the FCA complaints and financial crime department stated –
‘Logging information which poses a risk of adverse publicity in relation to any of the FSA/FCA’s functions seems both sensible and appropriate’.
Be warned, saying something negative, albeit true about the FCA can get you blacklisted.
But here was the motivation clearly articulated by the FCA, and it was because of this perception the senior managers embarked upon a spiteful course of vengeance.
Notwithstanding all of the above, the FCA found no evidence that allegations had been fabricated and a fictitious whistleblowing report being created. Thus, this makes me a liar and I should expect the FCA to take appropriate action, after all I am now alleging the investigation is part of a cover up and if I am making it up, I am defaming the FCA, indeed I am challenging the integrity of the FCA.
The FCA have now applied a criminal money laundering charge against NatWest Bank, the bank I so nearly worked for as their MLRO in 2010/11. I believe the deceitful actions of the FCA stopped me taking that role. I have a reputation for stopping money laundering, I have done so everywhere I have worked. Who knows, maybe I could have stopped the money laundering the FCA now allege the bank engaged in.
The FCA embarked upon a course of action to ensure I would not repeat my conduct at Wachovia Bank, but a senior banker at RBS/NatWest Bank actually wanted me to so, should I find it necessary to do so.
Thus, who is guilty of what here? I believe the FCA actually stopped me taking my AML skill set to NatWest Bank and now they are prosecuting the bank for AML failures. You couldn’t make it up, well, you could if you worked for the FCA, after all, they did.
Copyright © 2021 Martin Woods. All rights reserved.
In June 2011 the Financial Conduct Authority (FCA), known at the time as the Financial Services Authority (FSA), published the findings of a thematic review* of the high risks within banking. The Financial Crime Thematic Review (FCTR) of the 12 banks’ management of high money-laundering risk situations was both revealing and to some of us truly shocking. The high-level findings are replicated below. The emphasis of bold, underlined text has been applied by the author of this article.
“Findings
Although we identified some examples of good anti-money laundering (AML) risk management, we were concerned to find serious weaknesses common to many firms included in our review. The following are the main findings:
How banks deal with high-risk customers (including PEPs), correspondent banking relationships and wire transfers.
High-risk customers/PEPs
Some banks appeared unwilling to turn away, or exit, very profitable business relationships when there appeared to be an unacceptable risk of handling the proceeds of crime. Around a third of banks, including the private banking arms of some major banking groups, appeared willing to accept very high levels of money-laundering risk if the immediate reputational and regulatory risk was acceptable.
Over half the banks we visited failed to apply meaningful enhanced due diligence (EDD) measures in higher risk situations and therefore failed to identify or record adverse information about the customer or the customer’s beneficial owner. Around a third of them dismissed serious allegations about their customers without adequate review.
More than a third of banks visited failed to put in place effective measures to identify customers as PEPs. Some banks exclusively relied on commercial PEPs databases, even when there were doubts about their effectiveness or coverage. Some small banks unrealistically claimed their relationship managers (RMs) or overseas offices knew all PEPs in the countries they dealt with. And, in some cases, banks failed to identify customers as PEPs even when it was obvious from the information they held that individuals were holding or had held senior public positions.
Three quarters of the banks in our sample failed to take adequate measures to establish the legitimacy of the source of wealth and source of funds to be used in the business relationship. This was of concern in particular where the bank was aware of significant adverse information about the customer’s or beneficial owner’s integrity.
Some banks’ AML risk-assessment frameworks were not robust. For example, we found evidence of risk matrices allocating inappropriate low-risk scores to high-risk jurisdictions where the bank maintained significant business relationships. This could have led to them not having to apply EDD and monitoring measures.
Some banks had inadequate safeguards in place to mitigate RMs’ conflicts of interest. At more than a quarter of banks visited, RMs appeared to be too close to the customer to take an objective view of the business relationship and many were primarily rewarded on the basis of profit and new business, regardless of their AML performance.
At a third of banks visited, the management of customer due diligence records was inadequate and some banks were unable to give us an overview of their high-risk or PEP relationships easily. This seriously impeded these banks’ ability to assess money laundering risk on a continuing basis. Banks’ management of high money laundering risk situations How banks deal with high-risk customers (including PEPs), correspondent banking relationships and wire transfers.
Nearly half the banks in our sample failed to review high-risk or PEP relationships regularly. Relevant review forms often contained recycled information year after year, indicating that these banks may not have been taking their obligation to conduct enhanced monitoring of PEP relationships seriously enough.
At a few banks, the general AML culture was a concern, with senior management and/or compliance challenging us about the whole point of the AML regime or the need to identify PEPs.
Correspondent banking
Some banks conducted good quality AML due diligence and monitoring of relationships, while others, particularly some smaller banks, conducted little and, in some cases, none. In several smaller banks, a tick-box approach to AML due diligence was noted. Many (especially smaller) banks’ due diligence procedures resembled a ‘paper gathering’ exercise with no obvious assessment of the information collected; there was also over-reliance on the Wolfsberg Group AML Questionnaire which gives only simple yes or no answers to basic AML questions without making use of the Wolfsberg Principles on correspondent banking. And when reviews of correspondent relationships were conducted, they were often clearly copied and pasted year after year with no apparent challenge.
Some banks did not carry out due diligence on their parent banks or banks in the same group, even when they were located in a higher risk jurisdiction or there were other factors which increased the risk of money laundering.
A more risk-based approach is required where PEPs own, direct or control respondent banks. We found there was a risk that some banks’ respondents could be influenced by allegedly corrupt PEPs, increasing the risk of these banks being used as vehicles for corruption and/or money laundering.
Transaction monitoring of correspondent relationships is a challenge for banks due to often erratic, yet legitimate, flows of funds. Banks ultimately need to rely on the explanations of unusual transactions given by respondents and this can be difficult to corroborate. However, there were some occasions where we felt banks did not take adequate steps to verify such explanations.
We found little evidence of assessment by internal audit of the money-laundering risk in correspondent banking relationships; this is unsatisfactory given the high money-laundering risk which is agreed internationally to be inherent in correspondent banking.”
Ten years on, what has changed and how has the FCA both ensured and tracked these changes? It must be incumbent upon the FCA to not only ensure change, but to simultaneously report upon the same. Surely the public and the industry need to be assured positive changes have taken place and never again will we read.
“Three quarters of the banks in our sample failed to take adequate measures to establish the legitimacy of the source of wealth and source of funds to be used in the business relationship. This was of concern in particular where the bank was aware of significant adverse information about the customer’s or beneficial owner’s integrity.”
This equates to a wholly unacceptable 75% failure rate. The year was 2011 and in late 2020 the FCA finally used their criminal prosecution powers to charge an individual with a single money laundering offence. This was followed in March 2021 by the announcement that the FCA had criminally charged NatWest Bank with money laundering offences. So, ten years on, what has changed? How has the FCA tracked the prior issues and ensured increased rates of compliance? Should we expect another thematic review and/or the publication of a new ‘state of the AML nation’ report from the FCA?
What are the compliance rates within your firm/bank and over the prior ten years? Have the FCA enforcement actions caused you to undertake your own review and/or apply more AML resources to your business? Food for thought, keep your eyes peeled for the FCA on the horizon.
* https://www.fca.org.uk/publication/corporate/fsa-aml-final-report.pdf
Copyright © 2021 Martin Woods. All rights reserved.
Image credit: fca.org.uk
It’s all in the timing but can the Financial Conduct Authority (FCA) simultaneously perform as a regulator and enforce the criminal law?
This particular timing references four recent publications/broadcasts:
The FCA has three primary operational objectives:-
Nowhere is there any reference to enforcing the criminal law (where applicable) and there is no reference to preventing financial crimes. Does it follow, anti-money laundering (AML) is not an operational objective and priority for the FCA? Not according to Mark Steward who, in his speech of 24 March 2020 stated:
“Detection, investigation and prosecution, where necessary, – either civilly or criminally – of breaches of the Money Laundering Regulations, SYSC 6.3 and/or the Principles for Business are key priorities for the FCA.”
Although, this does not accord with evidence drawn from prior FCA enforcement actions, which proposes criminal prosecutions for money laundering breaches are very rare*. Over the prior 20 years, global regulatory penalties for AML failings have exceeded $250 billion and to some, AML has become the benchmark by which all compliance is judged. They posit, “If you can’t get your AML right, it is likely none of your compliance programme is right”. Thus. AML is a big issue, but given these enormous penalties, should we not now know who did it? I hear some of you ask, “Did what?” and the answer is’ “Who laundered all of the money which generated these $250 billion + penalties?”.
The problem, is we don’t know, because regulators, including the FCA haven’t found him/her. Or, in the event they have found the culprits, they have taken no action and this is a BIG problem.
If you are reading this it is assumed you accept money laundering is a serious criminal offence and it is a vital component of serious and organised crime. With this agreed upon, we need to consider public policy towards serious and organised crime. In 2002, the UK Prime Minister Tony Blair heralded The Proceeds of Crime Act 2002 and suggested, “If we take the proceeds out of crime, we may ultimately stop the crimes being committed”.
Given our collective, abject failure to achieve the first part of this suggestion, i.e. take the proceeds out of crime, we may never know if Tony Blair was right. So why have we failed and why do we continue to fail? More pointedly, why has the FCA failed?
The answer is very simple, the FCA is conflicted and therefore unable to enforce the criminal law, prosecute culprits and protect the public in the same way as law enforcement agencies, such as the police service. The FCA is simultaneously a supervisor, a regulator, a gate keeper and a law enforcer. Whereas, the police service is simultaneously a law enforcer and a social service, but importantly, the police service are not conflicted.
The FCA approve applications and provide regulatory permissions to firm, banks and even individuals, thereafter, the FCA provides supervision to these regulated parties. This all works well until one of more, of these parties undertakes criminal conduct and uses their regulated permissions, services, products and status to launder the proceeds of crime.
Consequently, when this happens, the FCA find themselves investigating parties they previously approved as being ‘fit and proper’ parties to operate a regulated financial services business. Put another way, these parties presented themselves to the FCA who undertook some form of due diligence and determined the public could trust them. Thereafter, the FCA supervised them, helped them and behold they were in fact committing a serious crime.
The police do not approve or supervise criminals, they investigate them, frustrate them, arrest them and all being well, with the support of the Crown Prosecution Service they convict them, as individuals, not families, not clans, groups or legal entities, no, individuals, held accountable and responsible for their actions.
Now imagine the issues which the FCA face, having assessed, approved and then supervised the culprits, questions are asked as to the quality of regulation and supervision. Moreover, the culprits can build a defence around FCA approval and supervision, proposing they could not have been committing a crime as the FCA would have stopped them.
Some believe the FCA are a weak and frightened prosecutor who does not want to risk losing a criminal trial. Therefore, absent to a suspect’s confession, a DNA sample and photographic evidence of a crime being committed the FCA will not initiate a prosecution. Which is good news for launderers, but not so for the public.
One of the objectives of both the criminal justice and the police service is the prevention of crime, pursuant to which credible deterrents are vital. When sentencing offenders judges often make two sentences simultaneously providing punishment for the offender in the dock and a credible deterrent to would-be offenders in a mindset to give the same crime a try.
Would be offenders need to fear being caught and the consequences of being caught. Hence, most murders are solved and upon being convicted, offenders are sentenced to a term of life in prison. In contrast, the FCA has never convicted an individual of any criminal money laundering offences**. Absent to the fear of being caught and the consequences of being caught, those so inclined apply the motto, “Keep calm and carry on laundering”.
Presently it is the shareholders of banks/regulated firms who are being punished for money laundering/money laundering prevention failures taking place. After all, it is their profits which pay the penalties imposed by the FCA.
In March 2021, the FCA initiated criminal proceedings against Nat West Bank, which is the first time the regulator has chosen to pursue criminal rather than civil proceedings. Of course the bank has nothing to fear, or more precisely, the bank fears nothing, because fear is an emotion and corporate entities, such as banks have no emotions. No individuals have been charged and this will not change, given the date range for the alleged money laundering is 2011-2015.
Within the criminal justice system there is a maxim, “Justice delayed is justice denied”. People accused of crimes should be given the best opportunity to defend themselves. So, what were you doing in 2011? Collectively, the AML community await the outcome of the criminal proceedings.
In the meantime, the FCA has stated they are conducting in excess of forty additional money laundering investigations and have commenced a campaign to encourage more whistleblowers to come forward and report wrongdoing. We must assume this includes wrongdoing in relation to money laundering and so Mark Steward is on the front foot. Or is he?
It is universally acknowledged that whistleblowers, informants, confidential human intelligence sources (CHIS) play a vital role in fighting serious/organised crime, including money laundering. BUT, there is often a big but, the FCA do not want to deal with any CHIS, given the legal obligations which attach to dealings with a CHIS. It must follow that FCA are restricting their own ability to enforce the criminal laws applicable to money laundering. Not so fast, whereas a CHIS makes a choice to become an informant, many people in the financial services industry are compelled to do so.
Thousands of people, including executives hold their roles on the basis of approval from the FCA. This approved status demands such people are open and cooperative with the FCA^. This means such ‘approved person’ must inform the FCA of any matters, it can be assumed the FCA would want to be made aware of. Money laundering is a matter we should assume the FCA want to be made aware of.
Thus, no CHIS, no informants, but enthusiastic whistleblowers and others who are compelled to become whistleblowers. Please note, I am not a lawyer, but I do think there are some serious human rights issues here, which become even more serious when the FCA fails to act on the information provided by the whistleblower; fails to protect the whistleblower and worse still attacks the whistleblower. Believe me, this happens.
As presented above, the FCA does not have a great record when it comes to holding individuals accountable for money laundering. Likewise, the FCA has a poor record for protecting whistleblowers, indeed dealing with whistleblowers. In contrast, my friend Harry Markopolous^^ is very good at dealing with and protecting whistleblowers, indeed, he recruits and coaches them. He is a private citizen, he works in the US and does not purport to be a law enforcement agency, but he would be good at it.
Harry does protect and reward his whistleblowers, they are the lifeblood of his business, which I like to think of as “Whistle while you work Ltd”. He understands the value as well as the importance of whistleblowers and he issues claims for $500 million+, but as he is not a regulator or supervisor, he has no conflict of interests.
Back to the FCA campaign, given the choice, if you were to become a whistleblower would you want to be “welcomed” by the FCA and “made to feel safe”? Or would you prefer to be protected, rewarded and coached by Harry? Given the US have recently legislated to financially reward those who blow the whistle against money laundering and money launderers, Harry is likely recruiting. Moreover, perhaps it is the US legislation which has prompted the FCA to initiate this campaign, which is not actually new, rather it is a re-launch of a very similar campaign in 2015, which followed on from a lot of government criticism of the FCA.
The FCA is a regulator, not a law enforcement agency and consequently the FCA is incapable of properly or indeed adequately enforcing the criminal law as it relates to money laundering.
* Two in the prior twenty years
** In November 2020, the FCA initiated criminal proceedings for money laundering against Richard Jonathon Faithful. The proceedings are ongoing
^ PRIN 11 FCA Handbook
^^ The man who blew the whistle on the recently deceased Bernie Madoff
Copyright © 2021 Martin Woods. All rights reserved.
