The United Kingdom’s chief financial services regulator Wednesday penalized a Bangladeshi bank more than $4 million and fined the institution's financial crime compliance officer nearly $22,000 for a wide range of program failings, in the process barring the person from future work in the sector.

The United Kingdom’s Financial Conduct Authority (FCA) penalized Sonali Bank Limited (SBUK) for 3.3 million pounds and money laundering reporting officer (MLRO) Steven Smith for nearly 18,000 pounds, a rare step revealing the seriousness of the anti-money laundering (AML) problems that spanned from tellers to top management, resources to risk ranking.

Key to the severity of the penalty is that Sonali “failed to take adequate steps to ensure that the importance of AML compliance was ingrained throughout the business, despite receiving clear warnings of a culture of non-compliance.”

While the FCA has in recent years levied higher monetary penalties, this is the agency’s most powerful statement against individuals.

The action is also likely to send shockwaves through the ranks of rank-and-file compliance officers with the individual penalty against Smith, an example of a broader global initiative also occurring in the United States to bring more accountability to financial institution AML programs by increasing the liability of top officers for program missteps.

Part and parcel of the penalty is a regulatory restriction preventing the bank from accepting deposits from new customers for nearly six months, a move the FCA says will grab the bank’s attention after it failed to “heed repeated warnings” from examiners, certain board members and even internal auditors to improve its compliance controls.

The FCA said in penalty documents it “believes that imposing a restriction, in addition to a financial penalty, will be a more effective and persuasive deterrent than a financial penalty alone.”

Moreover, the “imposition of a restriction is appropriate because it will demonstrate to firms that fail to address deficiencies in their AML systems and controls that the Authority will take disciplinary action to suspend and/or restrict the firm’s regulated activities.”

Despite having “previously received clear warnings about serious weaknesses in its AML controls,” the bank failed to maintain adequate AML systems between August 2010 and July 2014, according to the regulator, adding that it also puts much of the blame squarely on the shoulders of senior management and the board, which focused on profits over proper controls.

The FCA found that “serious and systemic weaknesses affected almost all levels of its AML control and governance structure, including its senior management team, its money laundering reporting function, the oversight of its branches and its AML policies and procedures.”

As a result of the extensive gaps, this meant that the firm “failed to comply with its operational obligations in respect of customer due diligence, the identification and treatment of politically exposed persons, transaction and customer monitoring and making suspicious activity reports.”

MLRO rebuffed for help, but still liable

What makes the action particularly chilling for compliance officers is that Smith attempted to address some of the key problems in Sonali’s AML program – such as improving transaction monitoring and other systems, recruiting more staff with requisite experience and purchasing third-party information databases – but was rebuffed by more senior officials.

The UK FCA, however, argued Smith should still be held liable for his inability to get more resources, systems and staff because, in their mind, he could have been more aggressive in getting the ear of senior management, more creative reaching out to sympathetic board members or should even have gone directly to the FCA itself, which he didn’t do.

During the roughly four-year period, the FCA noted that the MLRO department “did not have adequate resources and was overstretched, which hampered its ability to carry out its functions.”

The regulator specifically highlighted some of the more egregious examples, including:

  • The MLRO was required to perform significant work in excess of what should have been his primary function.
  • It took ten months to recruit a staff member after SBUK had identified the need for more staff in the MLRO department.
  • SBUK failed to provide IT upgrades and software in a timely manner which would have assisted the MLRO function in conducting its duties more effectively.

The bank also exhibited lax compliance controls around many of the riskiest areas in financial services, including foreign correspondent banking, trade finance, politically-exposed persons (PEPs) and money services businesses, all areas currently being shed by many large domestic and international banks in a “de-risking” exercise meant to ward off regulatory scrutiny, lower compliance costs and lessen penalty exposure.

As well, the FCA dinged Sonali on taking months to respond to a report from a customer that a bank insider stole tens of thousands of pounds from his account in a significant fraud.

Remediation plan run down

In an effort to appease regulatory expectations, Sonali has engaged in a broad effort to bolster its compliance controls and take a sobering look backward to ensure no reportable suspicious activity was missed.

The bank has invested in improving its AML systems and controls and appointed an independent, non-executive director “who has specific AML skills,” to give a trained eye an unvarnished view of its operations.

In addition, the institution has “retained the services of external consultants to assist it in its review of AML systems and controls, updated the AML Staff Handbook and other AML policies and procedures, and revised the risk assessments for the on-boarding of its retail customers, PEPs and high risk accounts.”

In tandem, the MLRO has conducted reviews of SBUK’s branches, staff “have undertaken refresher AML training which is more relevant to the operations of the firm and it has retained an external contractor to conduct a past business review of its client on-boarding files.”

The bank and senior managers will also now be more responsive to regulatory inquiries along with the institution making a “strategic decision to streamline its retail banking operations by closing all but two of its branches by the end of 2016.”