25 November 2015
Barclays has been fined just over £72m for Principle 2 (due skill, care and diligence) breaches associated with failures to manage the financial crime risks related to a £1.88bn transaction arranged for a number of ultra-high net worth politically exposed persons (PEPS) during 2011 and 2012.
The transaction was the largest of its kind that Barclays had executed for individuals and, prior to the deal, Barclays agreed to keep the identities of the clients confidential, even within the Bank, agreeing to indemnify the clients to the tune of £37.7m in the event of loss of confidentiality. As a result of the failures identified, the FCA found that Barclays had threatened confidence in the UK financial system and failed to mitigate the risk to society of financial crime. The fine included a disgorgement figure of approx. £52m and a penalty of nearly £20m (taking into account the 30% discount for settlement at Stage 1).
Higher risk of financial crime
The FCA identified a number of factors in respect of the transaction that indicated that there was a higher risk of financial crime, and which should have prompted Barclays to carry out more detailed enhanced due diligence (EDD) than would be required under its standard procedures. Those factors included:
- the size of the transaction;
- difficulties obtaining documents, details and explanations from the clients;
- the Bank's agreement to adhere to exceptional levels of confidentiality;
- the complex investment structure involving multiple jurisdictions;
- bank accounts set up to transfer funds but which were subsequently closed; and
- multiple transfers of funds that, contrary to expectations, omitted the clients' names.
The FCA found that, instead of applying a higher standard of EDD, Barclays gathered less information than its procedures ordinarily required. It had addressed the financial crime risk in an "ad hoc" way and whilst the higher risk indicators may have been identified by some staff, the FCA said that there was no holistic approach.
The FCA highlighted failings in the following areas:
- failures in senior management oversight and approval;
- inadequate EDD;
- insufficient information about the purpose and nature of the transaction;
- insufficient corroboration of the clients' source of wealth;
- insufficient corroboration of the clients' source of funds;
- inadequate enhanced ongoing monitoring; and
- inadequate record keeping.
In reaching its conclusions, the FCA also took into account the significant amount of guidance available to Firms (including the Thematic Review on the topic published in 2011). It also noted that the failings were not identified by Barclays until intervention by the FCA.
You can read the Final Notice here.
As we approach the implementation date for SMR, the criticisms of senior management and the apparent unwillingness of anyone to take overall responsibility for the transaction are of note. The FCA found that it was unclear, who, if anyone, was responsible for overseeing the financial crime risks associated with the transaction. Those who were identified on Barclays' systems as having given relevant approvals did not know that they were named and did not accept responsibility for them at interview. Overall, the FCA found that there was a lack of centralised co-ordination in respect of the transaction and an over-reliance on legal and compliance who did not have all of the relevant information. This is precisely the situation which the new regime seeks to avoid, for example, through its new senior manager conduct rules.
The confidentiality arrangements plainly had a material impact on the Bank's ability to manage the risks appropriately. However, while the FCA noted that there was nothing inherently wrong with Firms maintaining a high level of client confidentiality, it criticised Barclays for not putting in place a suitable alternative. The FCA was also critical of the Bank's apparent reluctance to obtain necessary information from the clients due to perceived sensitivities and which resulted in the Bank applying a much lower standard of EDD than was normally applied to other clients.
It is interesting to see the seriousness with which the FCA treated the matter. In calculating the appropriate penalty it regarded the Bank's conduct as being of level 4 seriousness, where level 5 represents the most serious level of breach. Further, it not only applied a 20% uplift for aggravating/mitigating factors, but then applied a multiplier of 3 for deterrence.