The FCA has proven itself a formidable regulator, with numerous high profile actions in recent years, including a £48 million fine levied on Goldman Sachs in October 2020 for risk management failures in connection with 1MDB; the £102 million fine of Standard Chartered Bank in April 2019 for money laundering breaches and failure to apply UK money laundering standards in overseas operations; and the January 2017 fine of Deutsche Bank for failure to maintain an adequate AML control framework.
This year the first criminal charges were laid against a bank, marking a significant turning point for the agency. In March 2021, proceedings were brought against NatWest Bank for offences under the 2007 Money Laundering Regulations. The FCA alleges that NatWest’s systems and controls failed to adequately monitor and scrutinise potentially suspicious activity, being increasingly large cash deposits on a customer account; cash which totalled around £264 million of the £365 million received into the account.
In a recent speech Nikhil Rathi, CEO of the FCA, warned foreign banks that they were in the spotlight of the UK Financial Services regulator. Speaking to the Association of Foreign Banks on 6 May, Rathi stated that “International firms that pose more risk to consumers, clients and markets can expect proportionately closer scrutiny and higher expectations from us”. But what prompted this statement and what does it mean in practise?
Given the FCA’s enforcement history, in many ways a focus on smaller foreign banks now makes sense. Whilst large international banks will inevitably be misused by bad actors to launder the proceeds of their crimes, due to their global reach and sheer volume of accounts held, these banks have invested significant amounts in their financial crime compliance programs in recent years, making substantial improvements. Smaller, foreign banks have featured in some of the most high profile money laundering cases in recent years. For example in the ‘Russian Laundromat’, banks in Latvia and Moldova were used to funnel billions of dollars out of Russia. Such banks are likely to be feeling compliance pressure where they look to engage with international correspondent banks, but may be struggling to keep pace with international expectations due to lack of experience or resources or both.
The landscape has also shifted. In the past, firms could rely on the equivalence arrangements in place across the EU. This enabled European regulated firms to operate in the UK without being authorised by the PRA or FCA, on the basis that the standards of regulation were equivalent, and vice versa for UK firms. Since Brexit, no such arrangement exists.
The Temporary Permissions Regime was created to bridge this gap, allowing firms that were passporting into the UK under these arrangements to continue operating in the UK for a limited period after the end of the Brexit transition period. During that time firms must apply for full permissions to continue to operate in the UK.
There will be a rigorous review of all such firms applying to operate in the UK and the FCA is willing to remove permissions from firms where misconduct has been identified, said Rathi. This has been demonstrated in the case of Finteractive Ltd, a Cyprus based firm trading as FXVC, which the FCA considered to have used misleading financial promotions, causing customers to be unclear about the nature and risks of their investments.
Rathi also noted the role of the FCA in tackling financial crime and money laundering, including through developing and promoting international standards. Holding overseas firms to the same standards as UK ones ensures that those standards are consistently applied, resulting in a level playing field for market participants, as well as application of those high standards necessary to protect the integrity of the financial system. ‘Ensuring firms have adequate financial crime controls continues to be a key priority for the FCA across the banking sector’, said Rathi.
So what should you do, if you are a foreign financial institution seeking to operate in the UK, or an institution already licensed in the UK but assessing your compliance program in light of the FCA’s appetite for enforcement?
- Ensure that you have in place a robust financial crime compliance framework. Resources such as the FCA’s ‘Financial Crime Guide’ and The Wolfsberg Group’s ‘Statement on Developing an Effective AML/CTF Programme’, provide useful baseline guidance.
- Ensure this is adequately supported by a timely risk assessment. The risk assessment should be documented, subject to appropriate challenge and scrutiny, and updated on a regular basis or in response to significant events, for example the Covid pandemic.
- Controls should be assessed and proportionate to the risk assessment.
- Consider the implementation and operational effectiveness of the program, as well as the design. Independent testing of the program should be conducted on a regular basis, with enhancements fed back into the program.
- Consider the use of data and technology across your organisation. There is a regulatory expectation that institutions monitor customer activity to identify suspicious patterns or behaviour. This can only be achieved when an institution effectively aggregates their data across systems, divisions and geographic locations. Encouraged by regulators, financial institutions are increasingly looking toward predictive data analytics or artificial intelligence, in order to more effectively identify financial crime risk.
- International firms seeking authorisation to operate in the UK must demonstrate that they have an active place of business here. Those operations must be appropriately staffed and funded, i.e. they must constitute more than just a registered office. The FCA sets out further guidance in the February 2021 document ‘Our Approach to International Firms’.