FCA’s Second Largest Fine for Anti Money Laundering Failings
The Financial Conduct Authority (FCA) has fined Standard Chartered Bank (SCB) £102,163,200 for Anti-Money Laundering (AML) breaches in two higher risk areas of its business, its UK correspondent banking business, and its branches in the United Arab Emirates (UAE) between November 2009 and December 2014 (the relevant period). SCB comprises a network of more than 1,109 branches and outlets in 68 markets, with 14 licensed branches in the UAE serving over 340,000 customers throughout MENA and beyond.
The 60-page Decision Notice lists numerous breaches in relation to the Money Laundering Regulation 2007 and failures in the general financial crime prevention systems and controls the bank was expected to have in place. The FCA found serious and sustained deficiencies, such as failing to establish and maintain risk-sensitive policies and procedures relating to customer due diligence (CDD), ongoing monitoring, and failing to ensure its UAE branches applied UK equivalent AML / CTF controls.
In relation to SCB’s AML controls, the FCA found:
In one case, SCB opened an account in the UAE for a consulate, funded with the equivalent of just over £500,000 in cash brought into the UAE by the consul in a suitcase. SCB failed to adequately establish the source of funds and, therefore, to mitigate the increased risk posed by this transaction and this customer;
In another case, SCB failed to collect sufficient information on a customer exporting a commercial product which potentially had a military application. This product was exported to over 75 countries, including two jurisdictions where armed conflict was taking place or was likely to be taking place;
Even where SCB’s policy required enhanced due diligence (EDD) to be applied, only limited EDD measures were carried out which were insufficient given the risks inherent in the business relationships;
Some customers had links to countries subject to sanctions. For example, SCB was dealing with Iranian nationals, as long as those customers were resident outside Iran and did not carry out business with/from Iran on their SCB account. Two employees in SCB’s UAE branches are alleged to have colluded with SCB customers in order to evade financial sanctions against Iran;
Inadequate or ineffective ongoing monitoring was in place, which resulted in SCB not being able to adequately reassess the customer relationship as they developed over time;
SCB’s UAE branches failed to carry out CDD reviews on their customers in accordance with SCB’s own policies, nor did they adequately identify and assess red flags, such as rejected transactions. This created the risk that SCB did not sufficiently understand the customer, the customer’s business, or their risk profile;
SCB’s Financial Crime Risk function was under resourced in terms of quantity and quality of capacity.
In relation to the correspondent banking services, some of the failures that the FCA identified included:
Insufficient evidence that SCB had assessed adequately the quality of the corresponding banks’ AML controls were found in 88% of the files the regulator reviewed. For example, one bank was located in a high-risk jurisdiction in which armed conflict was taking place at the time of relevant transactions. Despite this, there was no evidence on the file that SCB had obtained, or carried out a qualitative assessment of the bank’s AML policies and procedures, other than a template AML questionnaires containing yes/no questions about the bank’s AML controls, and an unsupported confirmation that the bank’s procedure was satisfactory;
In 42% of the files where a PEP (politically exposed person) was identified, there was insufficient evidence that an understanding of the PEP’s role had been obtained;
No CDD records at all for a small number of the UK Wholesale Bank’s non-EEA correspondent banking relationships.
The FCA found SCB’s failings were particularly serious because they occurred against a background of heightened awareness within SCB of issues with its global financial crime controls, which arose from
action taken by US regulators and prosecutors; direct feedback from the FCA; and
through SCB’s own internal assessments.
During the relevant period, the FCA has also taken enforcement action against several authorised firms for similar failings relating to financial crime, and published related thematic reviews and consolidated guidance to help firms adopt a more effective approach to mitigating financial crime risk. In addition, the FCA, along with the UK government as well as international and domestic governmental organisations, repeatedly issued communications regarding jurisdictions with a high risk of money laundering and/or financial crime (such as Iran).
The FCA’s findings revealed that despite the above factors, SCB was not only exposed to sanctions evasion, but also to the increased and unacceptable risk of receiving and/or laundering the proceeds of crime.
The FCA acknowledged the remedial steps taken by SCB, which included:
Reviewing its CDD policies and procedures;
Investing significant human and technological resources to improve the quality of the CDD process;
Strengthening governance in relation to its correspondent banking due diligence and monitoring;
Introducing new committees to improve oversight of SCB’s correspondent banking business.
US authorities have also taken action against the Standard Chartered Group for significant violations of US sanctions laws and regulations. The FCA reported it worked closely and extensively with a number of UK and overseas agencies including the US Department of
Justice, New York County District Attorney, US Board of Governors of the Federal Reserve, New York State Department of Financial Services, and US Office of Foreign Assets Control. SCB agreed to settle at an early stage, therefore it qualified for a 30% discount and avoided an otherwise fine of almost £146 million. Annex B of the Decision Notice explains how the final amount of the penalty was reached, taking into consideration factors such as the seriousness of the breach, mitigations and aggravations, and any financial benefits derived from the breach. The FCA assessed the impact and nature of the misconduct as a level four out of five on their scale of seriousness, which meant a starting point in determining the final penalty of 15% of the total revenue generated by SCB for the relevant period. What lesson can we learn from this case?
First, a proper financial crime prevention framework, which is based on a robust and proactive CDD process and an effective on-going monitoring activity, is a prerequisite that no firm should ignore. Mark Steward, director of enforcement and market oversight at the FCA, said: “Standard Chartered’s oversight of its financial crime controls was narrow, slow and reactive.”
Second, SCB failed to take reasonable steps to ensure a positive culture towards AML compliance was embedded, and to take a holistic approach towards financial crime controls. A strong ethical and compliance culture across organisations is a powerful tool to mitigate inevitable risks, and to instil the message that wrongdoing is not tolerated or condoned. In doing that, periodic training which includes mention to the FCA approach to enforcement on AML failures, would provide a practical support to this message.
AML systems and controls are on the FCA radar, as shown in other recent cases, and failing to take appropriate steps to prevent financial crime is considered a serious breach, no matter the size of the firm or the available resources. For boards and MLROs that want to self-assess their conditions the question to ask is: How narrow, slow, or reactive is our financial crime prevention framework?
Should you wish to discuss this case further, or to better understand how financial crime prevention requirements apply to your firm, please do not hesitate to contact us.