Meeting financial conduct authority obligations on money laundering

With the FCA having fined Commerzbank more than £37M for a lack of money laundering controls, Syed Rahman of Rahman Ravelli outlines the regulatory requirements for banks.

The Financial Conduct Authority (FCA) has fined Commerzbank £37,805,400 for having inadequate anti-money laundering (AML) systems and controls in place between October 2012 and September 2017.

The FCA said Commerzbank London had been aware of the problems but had not taken reasonable and effective steps to fix them, despite the FCA highlighting its concerns about them three times between 2012 and 2017. The bank’s failings were said to include not addressing long-standing weaknesses in its automated tool for monitoring money laundering risk and having inadequate policies and procedures in place for undertaking customer due diligence.

Commerzbank has since undertaken efforts to ensure its AML controls are legally compliant and has reviewed its approach to identifying suspicious transactions. It agreed to resolve the matter at an early stage of the investigation, meaning it qualified for a 30% discount on the original fine, which was £54M.

In its last Anti-Money Laundering Annual Report, the FCA confirmed it had over 60 ongoing AML investigations.

Banks are required to meet regulatory obligations to apply policies and procedures to minimise money laundering risk. They are governed by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), as amended by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019.

Financial institutions are expected to comply with the new amended regulations, which came into force on 10 January 2020. The amendments expand on sections relating to customer due diligence and enhanced due diligence. Banks must be able to allocate overall responsibility for AML to a director or senior manager, as it is expected that an effective AML and sanctions control framework requires senior management to set and enforce the highest possible levels of compliance.

In practical terms, banks must think about controlling and identifying risk. While banks can and do rely on AI for such measures, the case of Commerzbank showed that this on its own cannot be considered enough. Banks need to review their exposure to risk carefully, identify how they could improve their procedures and controls and take steps to eradicate weaknesses – an approach that may be particularly important during changes to working that have been enforced by the Covid-19 pandemic.

Banks need to give careful thought to:

• Setting remedial plans - detailed remediating measures help with damage limitation.
• Seeking attestations from senior management that weaknesses have been remediated.
• Hiring those with the relevant skills to test systems and controls, identify and remediate weaknesses and/or oversee remedial action by the firm.

The evolution of the financial crime landscape is a consequence of the agility of those looking to perpetrate such wrongdoing. Financial institutions must show that they are capable of being equally forward thinking and able to develop appropriate risk mitigation strategies to combat money laundering and financing of terrorism

Financial institutions should be aware of all FCA guidance. Chapter 16 of the FCA’s Financial Crime Thematic Review sets out banks’ obligations regarding AML and sanctions risks.

It explains:

• How to manage risks when exposed to them.
• What structures banks should have in place from a compliance perspective.
• Updates on legal and regulatory developments.