The newly-created Financial Conduct Authority (FCA) has fined a private bank £4.2M for failures in its anti-money laundering controls. The size of the fine and the FCA’s stern words that accompanied it underline the need for companies to make sure they are legally compliant.
The public profile of EFG Private Bank wasn’t too high until recently. But now the FCA is up and running that certainly seems to have changed. For EFG, it appears to have been a change for the worse.
As the UK private banking subsidiary of the EFGI Group – a Switzerland-based global private banking group – EFG provides private banking and wealth management services to some of the world’s richest individuals. Some of these clients, it has emerged, come from overseas jurisdictions that are viewed as providing a higher risk of money laundering, bribery and corruption. That risk now appears to have been costly for EFG; which has the unwanted distinction of being the first UK organisation to be fined by the FCA. EFG has had to pay a £4.2M fine for failing to take reasonable care to establish and maintain effective anti-money laundering controls for high-risk customers. According to the FCA, the failings were serious and lasted for more than three years.
EFG’s problems began back in 2011, when the FCA’s predecessor the Financial Services Authority (FSA) visited the bank as part of a review of UK banks and their attempts to manage money laundering risks. The FSA investigation found that EFG had failed to fully put its anti-money laundering policies into practice. As a result, EFG was found to have breached Principle 3 of the FCA’s Principles for Businesses.
Principle 3 requires banks to take reasonable care to organise and control their affairs responsibly and effectively. What the investigators found at EFG showed clearly that this was not the case. In 17 of 36 customer files that were reviewed, there was evidence of customer due diligence that highlighted significant money laundering risks – but insufficient records of what the bank’s senior management had done to reduce those risks. Of those 17 files, 13 showed that the risks highlighted related to allegations of criminal activity and (in some cases) even that customers had been charged with criminal offences that included corruption and money laundering. One prospective client had acquired their wealth through their father, who was allegedly linked to organised crime, money laundering and murder. But the file contained little information about how the bank had accepted this as an acceptable risk or what they had done to mitigate it. Of the 99 politically exposed persons (PEP’s) and other high-risk customer files, 83 raised serious concerns about EFG’s monitoring of the relationship.
In handing out the fine, the FCA’s head of enforcement and financial crime, Tracey McDermott, said: “In this case, while EFG’s policies looked good on paper, in practice it manifestly failed to ensure that it was addressing its anti-money laundering risks. Its poor implementation of its agreed policies risked the bank handling the proceeds of crime. These failures merited a strong penalty from the FCA.
“Firms that accept business from high-risk customers must have systems, controls and practices to manage that risk. The FCA will continue to focus on high-risk customers and business.’’
The words from Tracey McDermott regarding EFG’s punishment are typical of the type of bullish statement that investigating authorities make when they have succeeded in penalising wrongdoing. They include a warning to others and outline exactly what wrongdoing the FCA uncovered. But perhaps the comments can be seen as a timely warning that has to be viewed as more than triumphant words. Especially the reference to EFG’s policies looking good on paper but clearly failing in practice.
Any other bank or institution handling the same type of high-risk customers as EFG would be foolish not to take this case as a strong reminder of the need for robust risk management policies – policies that have to be acted upon. Whether it is money laundering or corruption, it appears that now more than ever, institutions have to make sure they have such policies in place and in force. Drawing up a mere checklist or ticking a few boxes is not good enough. Just ask EFG. The policies have to be based on a top down review of the workings of the organisation, its staff, customers and other third parties it is involved with. Any procedures introduced will be worthless – and, just as importantly, regarded by the FCA as such – if they are not robust and responsive to the activities of the organisation. If the FCA comes looking for potential wrongdoing, anyone under investigation will have to be able to prove that the procedures are fully documented, being acted upon at all times and reviewed regularly to meet any new risks or challenges that may arise.
At Rahman Ravelli, we are fully aware of the pressures and responsibilities faced by companies; especially those where the high-risk customers can be the norm. We advise corporates, including large PLC’s, on such compliance matters and we understand that none of them ever want to spend any more energy, time and money on compliance than is necessary. But if the EFG case shows us anything it is that compliance is one area that does not lend itself to skimping on costs and cutting corners. Not only do proper, strong compliance procedures have to be devised, introduced and reviewed, they also have to be enforced rigorously within the company, followed to the letter and updated as and when they need to be. EFG devised and introduced them but failed to implement them fully and, as a result, is now £4.2M worse off. It is unlikely that any senior staff at EFG now view compliance as a corner worthy of cutting.
The cost of such a penalty goes far beyond the money that has to be paid. EFG has lost a large chunk of money. That is undeniable. But what did the investigation cost in terms of lost working man hours? And what damage has been done to its reputation? Or its trading levels? Many such factors cannot be quantified in simple terms such as pounds or dollars but they are all certainly damaging to a company.
Companies may face different challenges from one other. Many institutions, even other banks, will know the risks they come across differ from those tucked away in EFG’s files. But they all have to realise that although compliance is not a one-size-fits-all issue, it is certainly one issue that affects them all. For that reason alone, many need to take the time right now to make sure that the way they are operating and the approach they take to compliance can stand up to the scrutiny of the FCA.
The warnings have been given. It would be foolish to ignore them.