Regulated firms need to ensure their systems and controls withstand scrutiny.

In a speech published on 1 April 2021, Mark Steward, the Executive Director of Enforcement and Market Oversight at the Financial Conduct Authority (FCA), made clear that detection, investigation and prosecution, where necessary, – either civilly or criminally – of breaches of the Money Laundering Regulations (MLR) and/or the Principles for Business remain key priorities for the FCA.

The FCA currently has 42 AML investigations ongoing, 25 of which involve firms and include issues involving politically exposed persons, customers with significant cash intensive operations, correspondent banking and trade finance, and transaction monitoring.

Mr Steward highlighted the recent high profile fines issued against Commerzbank AG (£37.8m) and Goldman Sachs International (£96.6m between the FCA and Prudential Regulation Authority combined) in addition to the upcoming prosecution of a leading UK bank for alleged breach of the MLR. In doing so, he was making clear that the FCA will continue to pay close scrutiny to the systems and controls that financial institutions have in place:

"Systems and controls that are purposeful, efficient and courageous in identifying suspicious activity are vitally important; system and control failures, on the other hand, provide an invisible, illicit cover for criminals and criminal activity that affects the whole community, not only in this country but also beyond, and can erode confidence in the financial system."

Effective AML systems create an  environment that is able to identify valuable signals in complex data, with repeatable interrogations geared to specific and reasonably foreseeable crime risks. This ensures that decision-making can be calibrated to those risks and  an accurate record made of how those risks were addressed. However, systems can also become overly complicated, bureaucratised, vulnerable to gaming by less scrupulous players, and expensive.

Focussing on that tension, Mr Steward stressed that:

"AML systems and controls must be focussed explicitly on the activating purpose and function of those controls, to ensure the system is not just a bureaucratic process and to ensure it cannot be gamed."

Looking to the future, of interest, the FCA will place increased emphasis on scrutinising how firms utilise its Warning List in relation to online investment promotions by unauthorised issuers and potential investment scams. This aspect will also apply in relation to the recently adopted Unregistered Cryptocurrency Businesses List.

While both lists are principally aimed at protecting the public, the FCA may increasingly look at how the information on them is utilised by regulated firms in the context of their systems and controls. In this respect Mr Steward asks how many firms on the Warning List have bank accounts and how many are the subject of suspicious activity reports?

"We would like to see our Warning List actively used, not only by consumers, but also by authorised firms seeking to ensure any transactions or transfers of funds by or to such firms are properly scrutinised and, where applicable, the subject of suspicious activity reports or other reports to the NCA and the FCA."

Osborne Clarke comment

AML remains an area of focus and concern for UK authorities, and the FCA has a broad armoury of enforcement powers available in that it can deploy both civil and criminal remedies. When the FCA does find AML failings, it inevitably calculates civil fines at the higher end of its seriousness spectrum, normally with a further "aggravation" uplift given the considerable publicity around this high priority for the FCA. If the matter proceeds as a criminal prosecution, and a defendant is convicted, aggravating factors will also be relevant to sentencing. As we move into what will hopefully be a post-pandemic stage, all FCA regulated firms should take the opportunity to review the effectiveness of their systems and controls to ensure that they address the likely direction of travel the FCA is indicating.