Ten years on from an AML hiatus, what has changed?

- 6 May, 2021

 

 

In June 2011 the Financial Conduct Authority (FCA), known at the time as the Financial Services Authority (FSA), published the findings of a thematic review* of the high risks within banking.  The Financial Crime Thematic Review (FCTR) of the 12 banks’ management of high money-laundering risk situations was both revealing and to some of us truly shocking.  The high-level findings are replicated below. The emphasis of bold, underlined text has been applied by the author of this article.

“Findings 

Although we identified some examples of good anti-money laundering (AML) risk management, we were concerned to find serious weaknesses common to many firms included in our review. The following are the main findings: 

How banks deal with high-risk customers (including PEPs), correspondent banking relationships and wire transfers. 

High-risk customers/PEPs 

Some banks appeared unwilling to turn away, or exit, very profitable business relationships when there appeared to be an unacceptable risk of handling the proceeds of crime. Around a third of banks, including the private banking arms of some major banking groups, appeared willing to accept very high levels of money-laundering risk if the immediate reputational and regulatory risk was acceptable. 

Over half the banks we visited failed to apply meaningful enhanced due diligence (EDD) measures in higher risk situations and therefore failed to identify or record adverse information about the customer or the customer’s beneficial owner. Around a third of them dismissed serious allegations about their customers without adequate review. 

More than a third of banks visited failed to put in place effective measures to identify customers as PEPs. Some banks exclusively relied on commercial PEPs databases, even when there were doubts about their effectiveness or coverage. Some small banks unrealistically claimed their relationship managers (RMs) or overseas offices knew all PEPs in the countries they dealt with. And, in some cases, banks failed to identify customers as PEPs even when it was obvious from the information they held that individuals were holding or had held senior public positions. 

Three quarters of the banks in our sample failed to take adequate measures to establish the legitimacy of the source of wealth and source of funds to be used in the business relationship. This was of concern in particular where the bank was aware of significant adverse information about the customer’s or beneficial owner’s integrity. 

Some banks’ AML risk-assessment frameworks were not robust. For example, we found evidence of risk matrices allocating inappropriate low-risk scores to high-risk jurisdictions where the bank maintained significant business relationships. This could have led to them not having to apply EDD and monitoring measures. 

Some banks had inadequate safeguards in place to mitigate RMs’ conflicts of interest. At more than a quarter of banks visited, RMs appeared to be too close to the customer to take an objective view of the business relationship and many were primarily rewarded on the basis of profit and new business, regardless of their AML performance. 

At a third of banks visited, the management of customer due diligence records was inadequate and some banks were unable to give us an overview of their high-risk or PEP relationships easily. This seriously impeded these banks’ ability to assess money laundering risk on a continuing basis. Banks’ management of high money laundering risk situations How banks deal with high-risk customers (including PEPs), correspondent banking relationships and wire transfers.

Nearly half the banks in our sample failed to review high-risk or PEP relationships regularly. Relevant review forms often contained recycled information year after year, indicating that these banks may not have been taking their obligation to conduct enhanced monitoring of PEP relationships seriously enough. 

At a few banks, the general AML culture was a concern, with senior management and/or compliance challenging us about the whole point of the AML regime or the need to identify PEPs.

Correspondent banking

Some banks conducted good quality AML due diligence and monitoring of relationships, while others, particularly some smaller banks, conducted little and, in some cases, none. In several smaller banks, a tick-box approach to AML due diligence was noted. Many (especially smaller) banks’ due diligence procedures resembled a ‘paper gathering’ exercise with no obvious assessment of the information collected; there was also over-reliance on the Wolfsberg Group AML Questionnaire which gives only simple yes or no answers to basic AML questions without making use of the Wolfsberg Principles on correspondent banking. And when reviews of correspondent relationships were conducted, they were often clearly copied and pasted year after year with no apparent challenge.

Some banks did not carry out due diligence on their parent banks or banks in the same group, even when they were located in a higher risk jurisdiction or there were other factors which increased the risk of money laundering. 

A more risk-based approach is required where PEPs own, direct or control respondent banks. We found there was a risk that some banks’ respondents could be influenced by allegedly corrupt PEPs, increasing the risk of these banks being used as vehicles for corruption and/or money laundering. 

Transaction monitoring of correspondent relationships is a challenge for banks due to often erratic, yet legitimate, flows of funds. Banks ultimately need to rely on the explanations of unusual transactions given by respondents and this can be difficult to corroborate. However, there were some occasions where we felt banks did not take adequate steps to verify such explanations. 

We found little evidence of assessment by internal audit of the money-laundering risk in correspondent banking relationships; this is unsatisfactory given the high money-laundering risk which is agreed internationally to be inherent in correspondent banking.”

Ten years on, what has changed and how has the FCA both ensured and tracked these changes?  It must be incumbent upon the FCA to not only ensure change, but to simultaneously report upon the same.  Surely the public and the industry need to be assured positive changes have taken place and never again will we read.

Three quarters of the banks in our sample failed to take adequate measures to establish the legitimacy of the source of wealth and source of funds to be used in the business relationship. This was of concern in particular where the bank was aware of significant adverse information about the customer’s or beneficial owner’s integrity.”

This equates to a wholly unacceptable 75% failure rate.  The year was 2011 and in late 2020 the FCA finally used their criminal prosecution powers to charge an individual with a single money laundering offence.  This was followed in March 2021 by the announcement that the FCA had criminally charged NatWest Bank with money laundering offences.  So, ten years on, what has changed?  How has the FCA tracked the prior issues and ensured increased rates of compliance? Should we expect another thematic review and/or the publication of a new ‘state of the AML nation’ report from the FCA? 

What are the compliance rates within your firm/bank and over the prior ten years? Have the FCA enforcement actions caused you to undertake your own review and/or apply more AML resources to your business?  Food for thought, keep your eyes peeled for the FCA on the horizon.

 

* https://www.fca.org.uk/publication/corporate/fsa-aml-final-report.pdf

 

Copyright © 2021 Martin Woods. All rights reserved.