3. Findings and outcomes of our supervisory work

3. Findings and outcomes of our supervisory work

Findings

The findings from some recent SAMLP reviews have been encouraging, and serve to demonstrate that we are setting our standards correctly. And, even more positively, in major banks we see recognition that AML is an issue that requires attention from top management, and a strong tone from the top.

One major bank had effective controls to manage risks associated with its foreign correspondent banking (FCB) customers. The firm’s financial crime compliance team called FCB customers to collect detailed information to assess the quality of its AML programme. In addition, a different team periodically reviewed all FCB customers’ transactions. This included analysing three months’ transactions to determine whether these were consistent with expected activity. The reviews also looked at the jurisdictions that transactions flowed to and from, and identified transactions involving high-risk clients (including nested relationships), as well as those involving an owner who was a Politically Exposed Person (PEP) or director of an FCB client. This team then produced a series of questions based on their analysis for the compliance team to follow up.

However, several banks have faced challenges in ensuring that these good intentions are translated into a strong AML culture throughout the bank.  Moreover, some of our SAMLP reviews have found serious weaknesses in key AML controls, and several major banks have been required to undertake major remediation programmes.  We are now seeing the initial results of their remediation.  We recognise that these remedial programmes are challenging for the banks, and that it will take some time for all the improvements needed to come through. 

Our thematic review of AML and sanctions controls in smaller banks in 2014 found significant weaknesses in many of the banks we visited.  Several of them had devoted insufficient resource to AML, with staff often demonstrating poor knowledge of money laundering risks.  Some banks with headquarters overseas struggled to reconcile their group policies with the higher standards required in the UK. 

In one overseas wholesale bank we visited as part of our AML inspections of smaller firms we found major AML weaknesses. The bank had an outstanding application for a Variation of Permission to allow it to launch a retail banking business to complement its existing wholesale business. In the light of the weaknesses we had identified, we told the bank we were minded to refuse its application. As a result, the firm withdrew its application, deciding to re-submit it once it had adequately improved its financial crime systems and controls.

Through our new proactive programme of regular inspections for smaller high‑risk firms we are now seeing signs of much better engagement by senior management, and consequent improvements in their AML controls.  Indeed, the pace of improvement in some smaller banks is faster than in some of the major banks, perhaps because a smaller institution can change more quickly. 

After another visit as part of our AML inspections of smaller firms, we received the following from the firm:
‘The firm takes its AML and Sanctions responsibilities very seriously and we were pleased to note you found a strong compliance culture at all levels within the firm, together with senior management engagement in financial crime issues. The firm has a clear risk appetite in relation to AML and Sanctions and your confirmation that it has been evidenced across the business and in the High Risk Customer Forum reflects our continuing focus in this area.
We found the areas you identified for further development to be insightful and helpful and have already set out measures and plans to deliver improvements in the short to medium term.’

 

Under our new Senior Managers and Certification Regime (SM&CR) we expect the picture of increased senior management engagement to improve further. The designation of the Money Laundering Reporting Officer (MLRO) as a Senior Management Function recognises the importance of an approved individual being accountable for ensuring that AML controls are properly designed and implemented. At the same time, the SM&CR has introduced a prescribed responsibility for financial crime to ensure that the overall responsibility for the firm’s financial crime policies and procedures is discharged by someone who is senior enough to ensure that the firm as a whole is meeting all its financial crime obligations. We hope that this will lead to a clearer focus on AML issues and more support from firms for their financial crime functions and MLROs.

Outcomes

We use our wide range of regulatory tools creatively, with a risk-based approach to achieve the best outcomes. We have achieved positive results through the use of remedial tools and business restrictions, restricting firms’ high-risk business until weaknesses in AML controls are corrected. From 2012 to 2014 we intervened in this way with 12 firms on AML issues. In 2015-16 we made two further interventions of this sort, restricting high-risk business in firms with inadequate controls.

We have also used our powers under section 166 of FSMA to commission reports from Skilled Persons to give us an independent assessment of either firms’ financial crime systems and controls where we have concerns, or their remediation work. Since the beginning of 2014/15 we have commissioned 11 of these reports.

Even before we introduced the SM&CR we had increased our emphasis on holding senior management to account. So in several cases we have asked senior management to be personally responsible for delivering specific pieces of work or remedial action, particularly where they had not shown enough engagement on AML issues. In 15 cases since June 2013 we have asked senior management to provide formal attestations that remedial work has been completed.

We currently have several enforcement investigations under way for financial crime failings, most of which relate to AML weaknesses (another relates to weaknesses in anti-bribery and corruption systems and controls).

In November 2015 we fined Barclays Bank over £72 million for failing to minimise the risk that it might be used to facilitate financial crime. We found serious failings in Barclays’ AML due diligence in relation to a very large transaction that it had arranged and executed for some ultra-high net worth clients. They were PEPs, so should have been subject to enhanced levels of due diligence and monitoring. Barclays ignored its own process designed to safeguard against the risk of financial crime and overlooked obvious red flags to win new business and generate significant revenue. This is wholly unacceptable.
This is by far the largest fine imposed by the FCA (or our predecessor regulator, the FSA) for financial crime failings.

 

These supervisory and enforcement actions have prompted many firms of all sizes to recognise the importance of effective AML systems and controls. We are further encouraged by our observations from our visits and other interaction with firms that many of them conduct gap analysis of their AML controls using our Financial Crime Guide.