On November 25, 2015, the Financial Conduct Authority (the “FCA”) issued a Final Notice imposing a financial penalty on Barclays Bank plc (“Barclays”) of £72,069,400, comprising disgorgement of £52,300,000 and a penalty of £19,769,400. Other than the amount of the fine, the case is noteworthy because there was no allegation or finding of criminality by the FCA on the part of Barclays or its clients. The FCA imposed the penalty on the basis that Barclays had breached Principle 2 of the FCA’s Principles for Businesses – “[a] firm must conduct its business with due skill, care and diligence” – because it had failed to implement adequate money laundering checks and controls in relation to a high value transaction.
This is the largest fine for financial crime failings ever imposed by the FCA or its predecessor (the Financial Services Authority). It serves to indicate the seriousness with which the FCA is treating senior management failings to properly implement internal compliance procedures. Although this particular action related to money-laundering prevention, and is therefore most relevant for in-house legal staff and compliance professionals, the broad authority of the FCA to investigate financial firms’ conduct means it is also noteworthy in other contexts, including anti-bribery compliance.
Barclays was retained by a number of ultra-high net worth politically exposed persons on a structured finance transaction worth £1.88 billion, arranged and executed between May 23, 2011 and November 24, 2014. The transaction, described within Barclays as an “elephant deal” due to its size, comprised investments in notes backed by underlying warrants and third party bonds and involved a number of companies across multiple jurisdictions and the use of a trust structure.
Inadequate Enhanced Customer Due Diligence
Pursuant to the Money Laundering Regulations 2007 (the “Regulations”), UK firms are required to undertake a number of customer due diligence measures as a matter of course on any transaction. The Regulations require that, when a client is classified as a “politically exposed person,” enhanced customer due diligence is undertaken by the retained entity to mitigate the attendant increased risks of financial crime In this case, Barclays had classified its clients as “Sensitive PEPs” in accordance with its own internal policies and the Regulations. Consequently, there was a greater level of risk of exposure to bribery or corruption in dealing with such clients. The FCA noted a number of other factors in relation to the risk associated with the transaction, including that:
- the transaction was complex, of a significant size and involved multiple jurisdictions;
- Barclays had experienced difficulties obtaining documentation and information from the clients;
- Barclays had agreed to very onerous client confidentiality terms, including an indemnity of up to £37.7 million payable to its clients if Barclays breached a confidentiality agreement;
- during the transaction, the clients had requested Barclays to make a payment of several tens of millions of US dollars to a third party, a request that was later withdrawn;
- Barclays had agreed to extend a line of credit in the amount of up to 60% of the value of assets involved in the transaction;
- funds invested in the transaction were sent to Barclays in over 20 separate transfers and the clients’ names did not appear on the transfer documentation; and
- letters attesting to the source of the transaction funds were general in nature.
Taking such factors into account, the FCA found that the due diligence Barclays performed was inadequate and not proportionate to the potentially high risks of financial crime associated with its clients and the transaction.
Senior Management Oversight and Approval Lacking
The Regulations require senior management to have a sufficient understanding of any financial crime risks before approving a business relationship with clients. The FCA found that Barclays had “a lack of centralised co-ordination” of roles and responsibilities noting that “there was no consistent understanding among the senior managers” as to who would be approving the engagement and the nature of the approvals required. It also found that there was an overreliance by senior management on approvals from the legal and compliance functions when the ultimate responsibility lay with management to assess the financial crime risks.
Further, Barclays management were found to have failed to sufficiently understand the risks and not complied with the bank’s own internal procedures, making what the FCA termed “inappropriate exceptions” for the clients in order to facilitate the business relationship.
The FCA concluded that Barclays had failed to establish an adequate understanding of the purpose and intended nature of the clients’ investments in the transaction, having only obtained one oral explanation in relation to one of those investments. Furthermore, the bank was found to have overly relied on publicly available information as to the clients’ source of wealth and funds without confirming findings with the clients themselves and verifying them independently through documentation, internal checks and third party intelligence.
Inadequate Monitoring and Record Keeping
Barclays was deemed to have failed to conduct necessary, ongoing monitoring of the financial crime risks associated with the business relationship, arising from the politically exposed status of the clients. The FCA highlighted the fact that Barclays had only maintained hard copy, and not digital, records in respect of the enhanced due diligence on the transaction and was therefore unable to respond promptly to the FCA’s requests for information.
This is the seventh penalty imposed on Barclays since 2009 by the FCA (and its predecessor), bringing the sum of total fines to nearly £500 million. This disciplinary history was considered to be an aggravating factor in the FCA’s calculation of the fine. Barclays qualified for a 30% discount on the pure financial penalty portion of the fine having agreed to settle at an early stage of the investigation.
The notice highlights the importance of ensuring that due care and attention is devoted, at all levels of a financial institution, to ensuring that internal money-laundering checks and procedures are properly implemented. The FCA continues to focus on the actions and attitude of senior management. It is evidently not enough for senior management to seek to rely on approvals from legal and compliance departments if insufficient steps have been taken by the organisation as a whole to ensure that adequate information about clients and their business has been obtained, irrespective of the potential value of that business.