Analysis of FCA fines in 2017

FCA fines levied in 2017 amounted to £229.4 million, representing a stark increase compared to the £22.2 million worth of fines levied in 2016. The higher total amount in 2017 is largely due to a single £163 million fine at the start of the year. FCA fines had risen significantly between 2012 and 2015 due to the sanctions imposed on firms over the LIBOR and foreign exchange benchmark-rigging matters, with a record £1.4 billion in penalties issued in 2014. Following the end of these large investigations, fines last year fell to their lowest level since 2007. Generally, as the FCA issues fewer than 50 penalties a year, a large fine can have a disproportionate impact on the overall total, and 2017 is still the second lowest year of fines over the past five years. 

SFO outlines tell-tale signs of money laundering

In 2017, the National risk assessment of money laundering and terrorist financing 2017 relaunched the National Crime Agency’s ("NCA") 'Flag it Up' campaign. The Serious Fraud Office ("SFO") has stated that serious and organised crime is costing the UK an estimated £24 billion every year and in support of the NCA's campaign, has highlighted certain tell-tale signs of money laundering and reminded firms of the importance of making Suspicious Activity Reports ("SARs"). Elizabeth Baker, Head of Proceeds of Crime at the SFO, advised situations should be flagged where:

  • a long term client begins making requests that are out of character;
  • a client repeatedly asks for services outside of an individual’s or firm’s area of expertise; and/or
  • a client requests arrangements that do not make commercial sense.

Surge in financial sector fraud

A recent report published by accountancy firm BDO, has stated that fraud-related losses reported in the UK’s financial services and insurance sectors has quadrupled in the last year from £214.9 million in 2016, to £899.7 million in 2017. The biggest losses in the financial services sector in 2017 were reported to be from money laundering, corruption and employee fraud. Other sectors that also saw significant increases in reported fraud included the retail sector and real estate, and rental and leasing sector. BDO also noted that the total value of fraud and the number of reported cases in all industries in the UK hit a 15-year high, with the value up 6.5% to £2.11 billion from £1.99 billion.

Part I - guidance for all financial services firms.JMLSG makes further changes to AML/CTF guidance  In December 2017, The Joint Money Laundering Steering Group ("JMLSG") published revised versions of its June 2017 Guidance on anti-money laundering/countering terrorist financing. The revisions reflect minor amendments to the November 2017 consultation version. The guidance is in three parts:

  • Part II - industry-specific chapters dealing with particular issues faced by a range of sub-sectors of the financial services sector.
  • Part III - specialist guidance on a number of topics.

The December version of the Guidance has been submitted to the Treasury for approval. Although the amended Guidance will only take over the ‘legal’ status of the existing Guidance once it has been approved by a Treasury Minister, firms are free to use the provisions of the new Guidance immediately, if they wish to do so.

Increased complexity of cybercrimes in 2017

The European Union Agency for Network and Information Security ("ENISA") has published its 2017 report on the cyber-crime threat landscape, analysing current main threats to cyber-infrastructure. ENISA’s report notes that trends for cybercrime in 2017 included increasing complexity in attacks and a greater ability of criminals to go undetected. Other main trends noted include:

FCA final notice for failure to disclose inside information under MAR

The FCA has published a final notice in which it imposed a £70,000 fine on Tejoori Limited, an AIM listed company, for failing to inform the public as soon as possible of inside information, in breach of Article 17(1) of the Market Abuse Regulation. The FCA imposed a penalty of £70,000 on Tejoori, calculated in accordance with the five step framework set out in DEPP. As part of the framework, the fine was increased to £100,000, as an adjustment for deterrence, but reduced to £70,000 for early settlement.

Hacker imprisoned for two years after international cyber attacks

A British hacker has been found guilty of orchestrating thousands of cyber-attacks around the world and sentenced to two years’ imprisonment. Alex Bessell was also convicted of various other offences, including money laundering related to the hacking. Mr Bessell attacked firms such as Skype and Google and admitted responsibility for creating and selling programmes which allowed others to globally conduct attacks and steal data. He pleaded guilty to the following:

  • Two counts of: Doing an unauthorised act or acts with intent to impair, or with recklessness as to impairing the operation of a computer or computers, contrary to section 3 of the Computer Misuse Act 1990;
  • One count of: Unauthorised access with intent, contrary to section 2 of the Computer Misuse Act 1990;
  • Two counts of: Conspiracy to make an article for use in offences under Section 3 of the Computer Misuse Act 1990, contrary to section 1 (1) of the Criminal Law Act 1997;
  • One count of: Entering into or becoming concerned in a money laundering arrangement, contrary to section 328 (1) of the Proceeds of Crime Act 2002;
  • One count of: acquiring criminal property, contrary to section 329 (1) (a) of the Proceeds of Crime Act 2002;
  • Three counts of: conspiracy to make or supply an article for use in offences under section 3 of the Computer Misuse Act 1990, contrary to section 1 (1) of the Criminal Law Act 1997; and
  • One court of: Encouraging or assisting offences, contrary to section 46 of the Serious Crime Act 2007.

EU Parliament and Council reach agreement on amending 4MLD The European Commission has announced that an agreement has been reached between the European Parliament and the Council on proposals to revise the Fourth Anti-Money Laundering Directive ("4MLD"). The proposal (sometimes known as 5MLD) was presented by the Commission in July 2016 and is part of the Commission's Action Plan of February 2016 to strengthen the fight against terrorist financing. It sets out a series of measures to better counter the financing of terrorism and to ensure increased transparency of financial transactions. A supplementary factsheet has also been published. 

EU urged to create European cybersecurity model

At a public hearing on the Cybersecurity Act held in Brussels, the European Economic Social Committee ("EESC") made proposals for the EU and member states to adopt a European-level cybersecurity model, strengthen the mandate of the European cybersecurity agency, and establish an effective certification scheme for online services and products. Among things, the EESC has proposed:

Group-wide AML/CTF compliance: new obligations for firms with overseas branches and subsidiaries?

In December 2017, the European Supervisory Authorities published a Report on draft Joint Regulatory Technical Standards (“RTS“) on the measures that credit and financial institutions should take to manage money laundering risk in their non-EU overseas branches and subsidiaries. The RTS focusses on the measures that EU firms must adopt when local law prevents their branches and subsidiaries sharing information with them for anti-money laundering purposes. To date, the draft RTS has received little attention, but it is potentially of significant importance to firms with branches and subsidiaries in non-EU jurisdictions with strict banking secrecy or data privacy requirements, as it may require them to adopt new monitoring strategies and arrangements. In this briefing we summarise the background to and requirements of the draft RTS. Please click here to see our full briefing on this matter.

  • malicious infrastructures continuing to move towards multipurpose functions, including anonymisation, encryption and detection evasion;
  • monetisation of cybercrime becoming the main motive of threat agents;
  • state-sponsored cyber criminals exisitng as omnipresent malicious agents in cyberspace, and causing particular concern to commerce and governments; and
  • increased concerns about the threats to critical infrastructure operators.
    • Two counts of: Doing an unauthorised act or acts with intent to impair, or with recklessness as to impairing the operation of a computer or computers, contrary to section 3 of the Computer Misuse Act 1990;
    • One count of: Unauthorised access with intent, contrary to section 2 of the Computer Misuse Act 1990;
    • Two counts of: Conspiracy to make an article for use in offences under Section 3 of the Computer Misuse Act 1990, contrary to section 1 (1) of the Criminal Law Act 1997;
    • One count of: Entering into or becoming concerned in a money laundering arrangement, contrary to section 328 (1) of the Proceeds of Crime Act 2002;
    • One count of: acquiring criminal property, contrary to section 329 (1) (a) of the Proceeds of Crime Act 2002;
    • Three counts of: conspiracy to make or supply an article for use in offences under section 3 of the Computer Misuse Act 1990, contrary to section 1 (1) of the Criminal Law Act 1997; and
    • One court of: Encouraging or assisting offences, contrary to section 46 of the Serious Crime Act 2007.
    • new resources to be allocated to ENISA, which is a centre of expertise for cybersecurity in Europe — to ensure that it has further resources and is focused on e‑government and universal services (e-health) as well as preventing and combating ID theft and online fraud; and 
    • establishing an EU cybersecurity certification framework, based on commonly defined cybersecurity and ICT standards at European level— enabling the certification of online services and products to improve consumer confidence; and
    • an established model of resilience against attacks at European level.