Out-Law Analysis | 31 Aug 2018 | 1:42 pm | 5 min. read
The UK branch of the Indian bank was fined £896,100 by the FCA in June 2018 for breaching Principle 3 (taking reasonable steps to organise its affairs responsibly and effectively, with adequate risk management systems) of the FCA's Principles for Businesses. It was also banned from accepting deposits from new customers for 147 days. The bank failed to maintain adequate AML systems and failed to take sufficient steps to remedy weaknesses in its AML systems and controls once notified by the FCA.
The Canara Bank sanctions are the latest in a series of AML system findings and penalties imposed by the FCA on financial services firms over the last five years. They follow findings against Deutsche Bank (fined over £163 million in 2017); Sonali Bank (fined over £3.25m and banned from acquiring new customers for 168 days in 2016); Bank of Beirut (fined £2.1m and banned from acquiring new customers from high-risk jurisdictions for 126 days in 2015); and Standard Bank UK (fined over £7.64m in 2014).
The FCA has been focusing on combatting money laundering, and specifically on ensuring that firms have adequate AML controls and systems in place which are implemented. In its 2017-18 business plan, the regulator said that it would generally use its civil powers in these cases, but may use its criminal powers to prosecute firms or individuals "if failings are particularly serious or repeated".
In its 2017-18 and 2018-19 business plans, the FCA stated that AML was a cross-sector priority and that it would "assess the quality" of firms' AML controls. FCA executive director of enforcement and market oversight, Mark Steward, reaffirmed this when commenting on the Canara Bank sanctions, stating that Canara's failure to address inadequate AML controls after warnings from the regulator was "at the more serious end of the range of sanctions".
The recent AML penalties issued by the regulator are also interesting as they illustrate a shift by the FCA away from only using financial penalties, as well as its increased focus on individual accountability and cultural failings.
The FCA has increasingly been using non-financial penalties in addition to imposing fines. Canara Bank and Sonali Bank (UK) Ltd were banned from accepting deposits from new customers for 147 days and 168 days respectively. Bank of Beirut was also banned from acquiring new customers from high-risk jurisdictions for 126 days.
In its final notice in the Canara Bank case (44-page / 398KB PDF), the FCA stated its belief that imposing a restriction, in addition to the financial penalty, would "be a more effective and persuasive deterrent than a financial penalty alone". It said: "The imposition of a restriction is appropriate because it will demonstrate to firms that fail to address deficiencies in their AML systems and controls that the Authority will take disciplinary action to suspend and/or restrict the firm's regulated activities".
The FCA noted in its business plans of 2016-17, 2017-18 and 2018-19 that the regulator would impose business restrictions on firms that are found to have poor AML/financial crime controls. This is not surprising given the reputational damage and commercial impact that these restrictions can have on firms. The FCA clearly does not think that financial penalties alone act as a sufficient deterrent in such circumstances.
The sanction imposed on Canara Bank also demonstrates the FCA's willingness to use any or all of its sanctioning powers to deter firms from failing to implement efficient AML systems and processes. This is in line with the FCA's 'approach to enforcement' document, published in March of this year.
This document stated: "We aim to make sure the sanction is sufficient to deter the firm or individual from re-offending and deter others from offending. Where we take disciplinary action against a firm or an individual, we will consider all our sanctioning powers, including public censure, financial penalty, prohibition, suspension or restriction orders..."
The FCA's current mindset is clearly that financial penalties alone are not having the desired impact to improve behaviours. Should the FCA not see an improvement as a result of its supervision powers, the next step is criminal prosecution.
The FCA has also shown that it will hold the relevant persons responsible for the failure to report AML system weaknesses to the FCA, or to implement the relevant requirements. In addition to the fines imposed on Sonali Bank (UK), its money laundering reporting officer (MRLO), Steven Smith, was fined £17,900 and banned from performing MRLO or compliance oversight functions at regulated firms.
Similarly, Michael Allin, the sole internal auditor of Bank of Beirut, was fined £9,900 for incorrectly informing the FCA that the bank had completed its FCA-mandated action points when it had not. The bank's former compliance officer, Anthony Wills, was fined £19,600 for incorrectly informing the FCA that the bank had completed its requirements to improve its AML programme.
Given the FCA's increased scrutiny of individuals in senior roles under the senior managers' regime, and with the extension of the SM&CR, the FCA expects to see an increase in individual sanctions and accountability in relation to AML failings. The difficulty the FCA is likely to face is similar to that it experienced under the previous Approved Persons Regime: namely, that senior individuals will often have made reasonable enquiries, but it is the information they are receiving which is inaccurate.
Recent FCA notices found "systemic" weaknesses or failures in the banks' AML systems and controls, and repeatedly noted that these failings were at "all levels" of the business and management. There are repeated references to a "culture" of AML risk or failure to instil responsibility for compliance within the banks. Commenting on its sanction of Sonali Bank (UK), the FCA stated that it "expects regulated firms to promote a culture which supports these controls and which impresses on all members of staff the importance of complying with them".
The FCA is increasingly placing importance on the environment within banks and financial institutions, as highlighted in its discussion paper on transforming financial services culture published in March of this year. The opening line of this paper states that culture in financial firms is "widely accepted as a key root cause of the major conduct failings that have occurred within the industry in recent history, causing harm to both consumers and markets".
The paper goes on to look at the relationship between 'good culture' and compliance, and discusses the way firms can work to bring about cultural changes – something which the FCA has said cannot be done with regulation alone. It also includes an assessment of senior management, middle management and employee behaviour as factors within culture, which demonstrates that the regulator is looking at practices and influences at all levels of the business.
The FCA is increasingly keen to issue final notices which refer to culture failings within firms. The difficulty it will face is how to define 'culture' and whether what often amounts to a small number of isolated events can ever be considered 'cultural'.
Michael Ruck is a financial services regulation expert at Pinsent Masons, the law firm behind Out-Law.com.