The FCA has fined Standard Chartered Bank (SCB) £102.2m for Anti-Money Laundering (AML) breaches in two higher risk areas of its business. The fine includes a 30% discount following entry into a focussed resolution agreement with the FCA.
SCB’s unique history means that, although headquartered in London, it has no branches in the UK, but instead maintains a network of more than 1,100 branches and outlets in 68 markets across the world, often in jurisdictions which present a higher risk of financial crime and money laundering.
UK firms are required by the Money Laundering Regulations (ML Regulations) to establish and maintain appropriate and risk sensitive AML policies and procedures. UK firms also have a duty under the ML Regulations to require their non-EEA branches and subsidiaries to apply AML standards at least equivalent to those required in the UK in relation to customer due diligence (CDD) and ongoing monitoring.
The breaches concerned SCB’s financial crime controls in two areas of its business which SCB itself identified as higher risk:
- SCB’s UAE branches from 24 November 2009 to 31 December 2014; and
- SCB’s correspondent banking business within its UK wholesale banking business from 11 November 2010 to 22 July 2013.
UAE Branch Operations
SCB considered its 14 UAE branches to be a high financial crime risk environment, in part because of the UAE branches’ geographic proximity to sanctioned countries, including Iran. The FCA found that SCB failed to ensure the AML controls in the UAE were at least equivalent to those required of a UK firm. Issues which concerned the FCA include:
- UAE branches failed to collect sufficient customer due diligence information (CDD) and analyse that information in order to understand the nature and purpose of the customer’s accounts and businesses. In many cases, branches failed either to adequately explain the shareholding structure and therefore the beneficial ownership or, in some cases, to identify correctly the authorised signatories and shareholders of the customer.
- The UAE branches did not consistently establish the source of funds of higher risk customers to enable an assessment of risk.
- The UAE branches had identified an increased financial crime risk in its dealings with Iranian customers, and introduced enhanced policies to mitigate the risk. However, the roll out was poorly managed. In many cases, branches were unable to obtain the evidence required to comply with policy. The fact that the required evidence could not be obtained led to a significant number of overdue periodic reviews.
- In many cases, UAE branches failed to follow internal policy by repeating CDD following trigger events such as negative press or a material change in the customer’s business. When periodic reviews were undertaken, some employees accepted unconvincing information.
The UK Wholesale Bank’s Correspondent Banking business
Correspondent Banking is the provision of banking-related services by one bank (the Correspondent) to an overseas bank (the Respondent) to enable the Respondent to provide its own customers with cross-border products and services. The Correspondent is reliant, among other things, on the AML controls of the Respondent to prevent the underlying parties from gaining access to the UK financial system for the purposes of money laundering or terrorist financing. Non EEA Respondents are regarded as presenting a higher risk of money laundering and necessitate enhanced due diligence, including an assessment of the Respondent's AML controls.
The FCA’s review found:
- CDD conducted by SCB on its Respondent Banks was not to the required standard in 88% of cases in the review. The FCA relied upon SCB's own internal review which noted “apparent ‘cut and paste’ descriptions of the correspondent’s controls” which “may be indicative of a tick box approach”.
- In some cases, SCB had not taken adequate steps to identify politically exposed persons (PEPs) holding a material, beneficial interest or senior management role in the Respondent. In some cases where a PEP was identified, there was insufficient evidence that an understanding of the PEP’s role in the Respondent had been obtained.
- There were failures where the UK Wholesale Bank accepted Respondent banks as a customer following an introduction by another SCB branch or subsidiary within the SCB group. SCB policies required a “Group Introduction Certificate” (GIC) to be completed which assessed compliance with ML Regulations However, SCB did not ensure that a GIC was in place for all of these customers and, even where they were in place, SCB did not take sufficient steps to identify deficiencies in the due diligence.
This case demonstrates the difficulties which multinational banks face in managing financial crime risks across a diverse geographical network. It is clear from the Decision Notice that SCB had an intent to comply with its AML obligations. In fact, many of the failings were identified by SCB in internal reviews. However, like many other banks against which the FCA has taken action, the FCA considered that SCB was let down by a lack of resource. This meant that when issues were identified, initiatives put in place to deal with them were sometimes ineffective. For example, the FCA described financial crime risk staff as being “overworked and overloaded”. As this case also demonstrates, where the FCA takes action against any firm where lack of resource has been identified in internal compliance reports, the FCA is likely to quote those findings in its published Notices.
When the FCA introduced its new settlement discount procedure which included the provision of focussed resolution agreements (covered extensively elsewhere in this publication, see 4 April 2019: Director of Enforcement speech on recent trends and 10 April 2019: Tribunal's first decision in an FRA case), its director of enforcement Mark Steward stated in a speech that his expectation was that “more cogent detail may become available through this process and so the transparency will also benefit the wider community as well.” This has proved to be the case. This notice includes details of arguments made by SCB at the Regulatory Decisions Committee (RDC) hearing. In particular, it is revealed that the SCB was successful in persuading the RDC that some components of the penalty should be reduced from level 4 to level 3. For practitioners, details of arguments used by firms before the RDC (and which are contained in an annex to the notice) are likely to be as instructive as the Notices themselves.
For AML failings, the FCA generally has a choice whether to proceed against the firm under disciplinary procedures contained in the FSMA or under enforcement provisions contained in the ML Regulations. In this case, because some of the failings related to SCB’s supervision of its non-UK regulated business, the FCA had to proceed under the ML Regulations. The procedure differs slightly to that under FSMA and explains why the “final” notice against SCB is a “Decision Notice” rather than a “Final Notice”. We have covered elsewhere in this publication, Mark Steward's recent observations on the FCA's approach to AML cases, see 4 April 2019: Director of Enforcement speech on recent trends.