Baringa Blogs

FCA issues record fine for Anti-Money Laundering (AML) control weaknesses

“Other firms should take notice of today’s fine and look again at their own AML procedures to ensure they do not face similar action.” Mark Steward, Director of Enforcement and Market Oversight, FCA.

In light of the FCA’s decision to issue a record fine of £163m for “failing to maintain an adequate AML control framework”, there’s an immediate requirement for firms to review their AML control frameworks.

The size of the fine; the largest the FCA has ever issued for money-laundering, was influenced by the scale of potential financial crime that occurred and the breadth of deficiencies across the AML control framework. Through mirror trades, customers were able to transfer more than six billion USD from Russian entities through the UK and then on to overseas bank accounts in a typology which could be indicative of financial crime.  The fact that this volume of mirror trading occurred undetected, is symptomatic of a number of failings, as identified in the FCA’s Final Notice

  • Inadequate customer risk rating methodologies:
    • That failed to consider the different risks for legal entity types and customer interaction models
    • Where country risk ratings were opaque and unsupported by clear rationales
    • Which led to an underestimation of customer risk.
  • Ineffective customer due diligence:
    • At on-boarding, with insufficient identification of the nature of business, together with limited verification of ultimate beneficial owners and ownership structures, source of funds and wealth
    • On underlying clients that acted as intermediaries
    • Which failed to remediate historic deficiencies including live, orphan accounts where customers had been on-boarded without full or retrievable due diligence information
    • Which limited effective ongoing customer monitoring.
  • Data management shortcomings across platforms including a lack of unique cross-platform identifiers and no single repository for Know Your Customer data
  • Lack of automated technology for detecting and alerting on suspicious trades. Limited policies and procedures for review, closure and escalation of alerts
  • Resourcing challenges within AML control functions limiting their ability to undertake adequate monitoring and thorough investigations
  • Unclear accountability for, and ownership of, AML risk with confusion on roles and responsibilities between front-office, operations and control functions manifesting itself in process-oriented teams being perceived as having responsibility for AML risk decisions.

Given the specificity of the Final Notice, firms should take stock and assess the effectiveness of AML controls highlighted. Firms must also use this as an opportunity to examine the effectiveness of their AML control framework more broadly:

  • An AML Operating Model should be defined to consistently identify accountabilities across the three lines of defence
  • Resourcing must be sufficient to execute this model and support an effective AML control framework
  • A firm wide risk assessment should be refreshed to demonstrate a robust understanding of AML risk as well as a basis for control alignment
  • AML policies and procedures should be regularly refreshed and compliance monitored
  • Staff should be appropriately trained to understand money laundering risks relevant to their role and business
  • Transaction monitoring capabilities must be commensurate with your risk profile
  • A comprehensive assurance and monitoring capability should be in place across the first and second lines of defence to support self-identification of control weaknesses and opportunities for enhancement on an ongoing basis

To inform the development of a robust, prioritised remediation plan, firms should also use this opportunity to reassess their AML risk appetite and strategy. Without regular monitoring and investment, today’s good practice is tomorrow’s mediocre. 

Back to February 2017

Comments(0)

Blog post currently doesn't have any comments.

Leave comment

 Security code