FCA’s Second Largest Fine for Anti Money Laundering Failings

The Financial Conduct Authority (FCA) has fined Standard Chartered Bank (SCB)
£102,163,200 for Anti-Money Laundering (AML) breaches in two higher risk areas of its
business, its UK correspondent banking business, and its branches in the United Arab
Emirates (UAE) between November 2009 and December 2014 (the relevant period). SCB
comprises a network of more than 1,109 branches and outlets in 68 markets, with 14
licensed branches in the UAE serving over 340,000 customers throughout MENA and
beyond.

The 60-page Decision Notice lists numerous breaches in relation to the Money Laundering
Regulation 2007 and failures in the general financial crime prevention systems and controls
the bank was expected to have in place. The FCA found serious and sustained deficiencies,
such as failing to establish and maintain risk-sensitive policies and procedures relating to
customer due diligence (CDD), ongoing monitoring, and failing to ensure its UAE branches
applied UK equivalent AML / CTF controls.

In relation to SCB’s AML controls, the FCA found:

 In one case, SCB opened an account in the UAE for a consulate, funded with the
equivalent of just over £500,000 in cash brought into the UAE by the consul in a
suitcase. SCB failed to adequately establish the source of funds and, therefore, to
mitigate the increased risk posed by this transaction and this customer;

 In another case, SCB failed to collect sufficient information on a customer exporting
a commercial product which potentially had a military application. This product was
exported to over 75 countries, including two jurisdictions where armed conflict was
taking place or was likely to be taking place;

 Even where SCB’s policy required enhanced due diligence (EDD) to be applied, only
limited EDD measures were carried out which were insufficient given the risks
inherent in the business relationships;

 Some customers had links to countries subject to sanctions. For example, SCB was
dealing with Iranian nationals, as long as those customers were resident outside Iran
and did not carry out business with/from Iran on their SCB account. Two employees
in SCB’s UAE branches are alleged to have colluded with SCB customers in order to
evade financial sanctions against Iran;

 Inadequate or ineffective ongoing monitoring was in place, which resulted in SCB not
being able to adequately reassess the customer relationship as they developed over
time;

 SCB’s UAE branches failed to carry out CDD reviews on their customers in
accordance with SCB’s own policies, nor did they adequately identify and assess red
flags, such as rejected transactions. This created the risk that SCB did not sufficiently
understand the customer, the customer’s business, or their risk profile;

 SCB’s Financial Crime Risk function was under resourced in terms of quantity and
quality of capacity.

In relation to the correspondent banking services, some of the failures that the FCA
identified included:

 Insufficient evidence that SCB had assessed adequately the quality of the
corresponding banks’ AML controls were found in 88% of the files the regulator
reviewed. For example, one bank was located in a high-risk jurisdiction in which
armed conflict was taking place at the time of relevant transactions. Despite this,
there was no evidence on the file that SCB had obtained, or carried out a qualitative
assessment of the bank’s AML policies and procedures, other than a template AML
questionnaires containing yes/no questions about the bank’s AML controls, and an
unsupported confirmation that the bank’s procedure was satisfactory;

 In 42% of the files where a PEP (politically exposed person) was identified, there was
insufficient evidence that an understanding of the PEP’s role had been obtained;

 No CDD records at all for a small number of the UK Wholesale Bank’s non-EEA
correspondent banking relationships.

The FCA found SCB’s failings were particularly serious because they occurred against a
background of heightened awareness within SCB of issues with its global financial crime
controls, which arose from

 action taken by US regulators and prosecutors;
 direct feedback from the FCA; and

 through SCB’s own internal assessments.

During the relevant period, the FCA has also taken enforcement action against several
authorised firms for similar failings relating to financial crime, and published related
thematic reviews and consolidated guidance to help firms adopt a more effective approach
to mitigating financial crime risk. In addition, the FCA, along with the UK government as well
as international and domestic governmental organisations, repeatedly issued
communications regarding jurisdictions with a high risk of money laundering and/or
financial crime (such as Iran).

The FCA’s findings revealed that despite the above factors, SCB was not only exposed to
sanctions evasion, but also to the increased and unacceptable risk of receiving and/or
laundering the proceeds of crime.

The FCA acknowledged the remedial steps taken by SCB, which included:

 Reviewing its CDD policies and procedures;

 Investing significant human and technological resources to improve the quality of
the CDD process;

 Strengthening governance in relation to its correspondent banking due diligence and
monitoring;

 Introducing new committees to improve oversight of SCB’s correspondent banking
business.

US authorities have also taken action against the Standard Chartered Group for significant
violations of US sanctions laws and regulations. The FCA reported it worked closely and
extensively with a number of UK and overseas agencies including the US Department of

Justice, New York County District Attorney, US Board of Governors of the Federal Reserve,
New York State Department of Financial Services, and US Office of Foreign Assets Control.
SCB agreed to settle at an early stage, therefore it qualified for a 30% discount and avoided
an otherwise fine of almost £146 million. Annex B of the Decision Notice explains how the
final amount of the penalty was reached, taking into consideration factors such as the
seriousness of the breach, mitigations and aggravations, and any financial benefits derived
from the breach. The FCA assessed the impact and nature of the misconduct as a level four
out of five on their scale of seriousness, which meant a starting point in determining the
final penalty of 15% of the total revenue generated by SCB for the relevant period.
What lesson can we learn from this case?

First, a proper financial crime prevention framework, which is based on a robust and
proactive CDD process and an effective on-going monitoring activity, is a prerequisite that
no firm should ignore. Mark Steward, director of enforcement and market oversight at the
FCA, said: “Standard Chartered’s oversight of its financial crime controls was narrow, slow
and reactive.”

Second, SCB failed to take reasonable steps to ensure a positive culture towards AML
compliance was embedded, and to take a holistic approach towards financial crime controls.
A strong ethical and compliance culture across organisations is a powerful tool to mitigate
inevitable risks, and to instil the message that wrongdoing is not tolerated or condoned. In
doing that, periodic training which includes mention to the FCA approach to enforcement
on AML failures, would provide a practical support to this message.

AML systems and controls are on the FCA radar, as shown in other recent cases, and failing
to take appropriate steps to prevent financial crime is considered a serious breach, no
matter the size of the firm or the available resources. For boards and MLROs that want to
self-assess their conditions the question to ask is: How narrow, slow, or reactive is our
financial crime prevention framework?

Should you wish to discuss this case further, or to better understand how financial crime
prevention requirements apply to your firm, please do not hesitate to contact us.