This month the FCA penalised Sonali Bank UK Limited ("SBUK"), which is majority owned by the Bangladesh government, for what it described as "serious and systemic weaknesses [which] affected almost all levels of its [SBUK's] AML control and governance structure, including its senior management team, its money laundering reporting function, the oversight of its branches and its AML policies and procedures". The seriousness of the breaches was reflected in sanctions. The fine imposed on the bank amounted to approximately one third of the bank's annual turnover, and it was restricted from operating its normal business and accepting new customer deposits for 168 days.
The FCA investigation
The FCA's attention to SBUK's AML measures was first piqued in 2010, following a routine visit by the FCA to SBUK's offices as part of the watchdog's thematic work to assess AML systems and controls in small banks. This assessment identified a number of "serious concerns" about the need to ensure that there was sufficient focus on AML measures and prioritise compliance with legal and regulatory requirements. A remediation plan was put in place, and SBUK did make changes. However it became clear following a second visit by the FCA four years later that, notwithstanding the measures taken since the first visit, there were still serious AML failings.
The outcome of a subsequent assessment later that year resulted in a decision to refer SBUK for investigation.
Outcome of the investigation
The FCA found an array of failings by SBUK; in its processes, systems and controls throughout the firm. The firm failed to comply with its operational obligations in respect of customer due diligence, the identification and treatment of politically exposed persons ("PEPs"), transaction and customer monitoring and making suspicious activity reports. For example, having identified one customer as a PEP with an income of £20,000 per annum, SBUK failed to query significant cash and cheque deposits made by the customer which were not commensurate with his income, and therefore the bank failed to consider the AML risks involved.
The FCA was also highly critical of SBUK's failure to remedy anti-money laundering measures which the FCA had identified to the bank in its site visits back in 2010. Although SBUK had implemented a series of measures, they had failed to test the implementation in order to assess their effectiveness.
As a result, SBUK had breached Principle 3 of the FCA's Principles for Business, which requires regulated firms to take reasonable steps to organise its affairs responsibly and effectively with adequate risk management systems.
In addition, the FCA found that SBUK had breached Principle 11 (dealing with regulators in an open and cooperative way) by failing to notify the FCA of an allegation of fraud. In this instance a customer had complained that £23,000 was missing from his account, which was subsequently found to have been misappropriated by a senior employee of the bank. SBUK did not notify the FCA of this until at least 7 weeks after it first became aware of the potential fraud, despite being under investigation by the FCA for its AML failings at the time.
The FCA also investigated the bank's former MLRO, and although they accepted that he was overworked and did not have sufficient support in his role, found this was no excuse for him not exercising the appropriate level of due skill, care and diligence required. In particular, he was criticised for failing to report internal auditor's concerns and shortcomings in customer checks higher up the chain in the bank.
The seriousness of the breaches was reflected in the FCA's sanctions. SBUK was fined £3,250,000 and the FCA imposed a restriction preventing it from accepting deposits from new customers for 168 days. The FCA also fined the bank's former MLRO £17,900 and prohibited him from performing MLRO or compliance oversight functions at regulated firms. These fines reflected the 30% discount that was applied for early settlement.
By taking the unusual step of placing restrictions on the bank's continuing business, in addition to imposing a substantial fine, the FCA are sending a clear message that it means business when it comes to compliance with AML requirements. This message is reinforced by a statement from Mark Steward, Director of Enforcement and Market Oversight at the FCA, who stressed that "fighting money laundering is an issue of extreme international importance and ensuring that AML controls are effective and viewed as important throughout the business are fundamental obligations of all regulated firms".
Mark Steward also said that there is "no excuse" for failing to follow guidance, and this is clear in the case of the overstretched and unsupported MLRO. The FCA's expectations are high – financial firms are required to maintain robust and risk focused AML systems, and to promote a culture which supports these controls and which impresses on all members of staff the importance of complying with them.