14. Combatting financial crime
- Iris Chiu, Professor of Company Law and Financial Regulation, University College London
- and Joanna Wilson, Lecturer in Commercial Law, University of Sussex
This concluding chapter studies the regulation compelling banks and financial institutions to play an active part in combatting financial crime. Regulation takes two approaches: one is to enforce anti-money laundering law through banks and financial institutions; and the other approach is to enforce anti-money laundering law against them if they should be found to be complicit in transferring proceeds of crime. Under the first approach, regulation imposes duties on banks and financial institutions to act as gatekeepers to prevent money laundering from taking place and to identify such incidents so as to help regulators carry out enforcement. Under the second approach, banks and financial institutions may be punished for sometimes inadvertently becoming complicit in money laundering, and this provides a strong incentive for them to treat their gatekeeper roles seriously. The chapter then considers the regulatory duty of due diligence, financial intelligence reporting, and internal control and governance.
14.1 Introduction to regulation in anti-money laundering and terrorist financing
Banks and financial institutions are at the heart of money transmission. They process transactions for perfectly legitimate purposes, such as my purchase of a sofa using a debit card, or the payment of salary from employers’ accounts to their employees’ accounts. However, banks and financial institutions are also used by criminals to transfer illegally obtained monies or proceeds of crime. Further, the financing of terrorism also involves banks and financial institutions, as monies are transmitted, oftentimes internationally, for organising terrorist activities. Hence, regulation now compels banks and financial institutions to play an active part in combatting financial crime.
Regulation takes two approaches: one is to enforce anti-money laundering laws through banks and financial institutions; and the other approach is to enforce anti-money laundering laws against them if they should be found to be complicit in transferring proceeds of crime. Under the first approach, regulation imposes duties on banks and financial institutions to act as gatekeepers to prevent money laundering from taking place and to identify such incidents so as to help regulators carry out enforcement. Under the second approach, banks and financial institutions may be punished for sometimes inadvertently becoming complicit in money laundering, and this provides a strong incentive for them to treat their gatekeeper roles seriously.
Money laundering is a process by which monies of an illegal origin (either they have been obtained illegally or are the proceeds of other criminal activity, also known as ‘dirty money’) are made to appear legitimate or ‘clean’. Leong1 describes how money laundering is carried out in three stages: placing, layering and integration. ‘Placing’ involves putting monies of an illegal origin into the financial system, for example, by depositing into a bank account, by investment in financial instruments etc. Thereafter, such monies are ‘layered’, that is, moved, usually through a series of transactions involving different entities, different assets, and different jurisdictions, so as to sever any audit trail and hence make tracing their origins harder. Finally, the criminal is able to resume control of the monies free from any link to their criminal source, arriving at the point of ‘integration’. If dirty money is successfully placed and layered through the financial system, its legitimacy is considerably strengthened at the point of integration.
Anti-money laundering legislation is targeted at the processes of ‘placing’ and ‘layering’ in order to disrupt the money laundering process and apprehend the criminals concerned. It may be appreciated that the criminals involved in laundering dirty money may not be the same as the criminals involved in the crimes that give rise to the dirty money. However, money laundering is itself an offence, predicated upon the money or ‘proceeds’ involved being ‘proceeds of crime’. The crime of money laundering is set out in the UK Proceeds of Crime Act 2002.
14.1.1 The criminal offence of money laundering
It is stipulated to be a criminal offence for a person to conceal, have control of or facilitate another to have control of ‘criminal property’.2 If a person acquires, uses, or has possession of criminal property,3 such a person would commit the offence of money laundering. The above actus reus relates to control of criminal property and corresponds to the ‘placement’ stage above. Any person who facilitates the placement stage would commit the money laundering offence, that is, if a person becomes involved in or makes an arrangement to facilitate another to acquire, use, control or retain criminal property.4 The actus reus of ‘concealing’ includes all forms of attempt to hide the nature, source, location of or rights to the criminal property, such as disguising, converting, transferring and removing,5 which correspond to the layering stage.
First, for money laundering to be proved, one needs to establish that the property subject to the alleged actus reus above is indeed ‘criminal property’. In R v Loizou,6 the police descended on a group exchanging money in the sum of £80,000 in a car park. The individuals involved were charged with the offence of money laundering under s327 of the Proceeds of Crime Act involving the ‘transfer’ of criminal property. The defendants argued that the offence could only be proved if the property was indeed criminal property, which meant that the property was either illegally obtained or constituted the proceeds of crime. It turned out that the money was to be used for payment for illegally imported cigarettes, but the illegal importation had not happened when the police disrupted the exchange in the car park. Hence there was no primary offence of illegal importation of cigarettes for the relevant money laundering offence to be based upon. The defendants were found not guilty as at the point of exchange, no criminal property was transferred.
However, this does not mean that a money laundering offence can only be made out if it were incontrovertibly proved that the property involved is ‘criminal property’. This is because s328 can be used to impose liability upon a person for being involved in the actus reus despite having a ‘suspicion’ of money laundering. In other words, a person can become criminally liable for failing to deal with ‘suspicion’ of money laundering (in the manner permitted under law as will be elaborated upon below) and becoming involved in the actus reus. This position may be attributed to the public interest in preventing and dis-incentivising people from assisting the processes of money laundering. Further, the need to prove that a crime in relation to the property has already occurred may be unduly onerous. Hence, the Terrorism Act 2000 takes a wider approach towards criminalising individuals involved in arrangements that facilitate the control or retention of terrorist property by concealment, transfer, removal, or other forms of transactions.7 ‘Terrorist property’ includes monies or property likely to be used for acts of terrorism.8 In this manner, terrorist financing is criminalised whether or not acts of terrorism are indeed carried out.
The raison d’etre for combatting money laundering lies in ‘taking the profit out of the crime’. If criminal activity is penalised in terms of the removal of profits associated with it, the incentives to commit crimes, especially organised crimes such as illegal drug dealing or systemic corruption, may be reduced. Targeting the proceeds of crime may also reduce the financing of further crimes, especially terrorist activities. Besides its deterrent purposes, policymakers support anti-money laundering laws as they contribute to the perception of integrity in financial systems and markets, that they are not used for the purposes of placement and layering by criminals. The maintenance of sound reputation in a country’s financial systems and markets helps to promote genuine financial flows for economic activity. Further, the reduction of money laundering activity in an economy helps to reduce distortions in an economy. If dirty money is used to finance activities such as the purchase of residential property, then property prices may inflate to the disadvantage of genuine buyers due to the flooding in and purchasing power of ‘dirty money’. Stemming ‘dirty money’ reduces distortions in the prices of real estate and luxury goods, and sustains an economy for legitimate activities that can be properly financed.
Although the Act targets all persons involved in money laundering, such as criminal associates of the predicate offender, the width of the actus reus scope captures banks and financial institutions if they become involved in the placement or layering processes. Banks’ potential liability is dealt with under section 14.4.
We turn next to regulatory development. Money laundering and terrorist financing span many jurisdictions as the cross-border nature of financial transfers assists in the layering process and makes it more difficult to track the trail of ‘dirty money’. Hence, regulation can only be effective if it is applied to the international banking and financial system and achieves a level of standardisation and universal application. Section 14.2 discusses the development of international standards and how these have been adopted in EU and UK legislation. In sections 14.3 and 14.4, we consider the substantive regulation applied to banks and financial institutions, which largely deals with preventing money laundering. Banks treat this area of regulation very seriously, and ‘anti-money laundering’ compliance has become a recognised professional practice.
This section introduces the legal definitions of the offence of money laundering found in the UK Proceeds of Crime Act 2002.
The offence of money laundering can include the financing of yet-to-be-committed crimes such as terrorist financing.
Banks and financial institutions are highly exposed to money laundering risk due to the inherent processes needed to make ‘dirty’ money appear ‘clean’.
Proceeds of Crime Act 2002 (including subsequent amendments)
Terrorism Act 2000 (including subsequent amendments)
Alexander, RCH, Insider Dealing and Money Laundering in the EU: Law and Regulation (Ashgate 2007)
Leong, AVM, ‘Anti-money Laundering Measures in the UK’ (2007) Company Lawyer 35
Ryder, N, Money Laundering—An Endless Cycle?: A Comparative Analysis of the Anti-Money Laundering Policies in the United States of America, the United Kingdom, Australia and Canada (Oxford: Routledge 2012)
14.2 Development of anti-money laundering regulation internationally, in the EU, and nationally
Anti-money laundering laws have been developed at an international level before percolating down to national governments. This is largely due to international concerns for organised illegal drug trafficking, which is highly profitable, resulting in the need to launder the proceeds of crime. A Global Programme led by the United Nations (UN) Office on Drugs and Crime was established in 1997 after the introduction of the UN Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances of 1988. This Programme initially focused on combatting money laundering of the proceeds of drug crime, but has now extended to wider money laundering issues such as corruption, human trafficking, and terrorist financing. These extensions result from international agreement secured in the International Convention for the Suppression of the Financing of Terrorism (1999), the UN Convention against Transnational Organized Crime (2000) and the UN Convention against Corruption (2003). The Financial Action Task Force was established in 1989 to support the Programme by taking leadership in developing principles to fight money laundering, terrorist financing and financial crime. These have largely been implemented in the UK. EU legislation has also been introduced to harmonise anti-money laundering regimes across the EEA and to lift standards across the bloc, also transposed in the UK.
14.2.1 International standards and the Financial Action Task Force
The Financial Action Task Force (FATF) is an international body formed by ministerial representatives in various countries in 1989, in order to explore international standards, as well as secure international cooperation in combatting money laundering, terrorist financing and other related threats to the integrity of the international financial system.9 The FATF currently has 36 member countries and is chaired by a rotating presidency amongst its members. Each presidency has a tenure of a year. FATF meetings occur twice yearly in order to determine strategic directions pursuant to its objectives above.
The FATF introduced its pioneering 40 recommendations for combatting money laundering in 1990. These have since become the starting point for many countries’ anti-money laundering laws, including the UK. The recommendations include the setting up of new institutions and regulatory regimes, and the imposition of new regulatory responsibilities, duties, and obligations on entities likely to come into contact with ‘dirty money’. They include:10 (a) criminalising the offence of money laundering; (b) establishing enforcement agencies in member states to investigate and enforce against criminal property; (c) establishing financial intelligence units in all member countries that may receive reports on transactions and monitor money laundering; (d) imposing on businesses, financial institutions and professional services that may risk coming into contact with laundered money the obligations to detect signs of money laundering; (e) imposing on financial institutions extensive duties in relation to preventing money laundering or reporting suspicious transactions; and (f) compelling all member countries to render to each other mutual legal assistance and other forms of international cooperation such as information assistance in enforcement against money launderers.
The 40 recommendations form the backbone of an anti-money laundering regime that includes prevention and enforcement. Preventive monitoring is carried out by gatekeepers of ‘placement’ and ‘layering’ activities, now designated under regulation. These are banks, financial institutions, professional services, and other businesses such as casinos and real estate agencies. In particular, banks and financial institutions bear the most extensive gatekeeping obligations, which involve customer due diligence, monitoring and reporting, all of which will be discussed in sections 14.3 and 14.4. In terms of enforcement, specialist agencies are required to be set up in member countries to have extensive powers of intelligence, investigations, and enforcement, and to render each other mutual legal assistance where cross-border elements are involved.
In 2001, the FATF supplemented the 40 recommendations with nine special recommendations on terrorist financing.11 These require member countries to ratify and to implement fully the 1999 UN International Convention for the Suppression of the Financing of Terrorism, to criminalise the financing of terrorist activities, to introduce a suite of extensive investigative and enforcement powers against terrorist finance and assets, and to impose on banks and financial institutions, as well as other businesses involved in transferring money (such as cash couriers, wire transfer services etc) monitoring and reporting obligations in order to perform a gatekeeping role in disrupting terrorist financing.
The FATF standards have since been revised and updated12 and the consolidated version of the standards is set out in Box 14.1. There are now 40 standards that deal with both anti-money laundering and countermeasures to terrorist financing.
Box 14.1 FATF Standards (Consolidated) as of 2012
Member countries should assess their exposure to money laundering and terrorist financing risks and adopt a risk-based approach in designing policies and dedicating resources to combat these.
Member countries should ensure that their national agencies in intelligence and enforcement are able to coordinate with each other in combatting money laundering and terrorist financing.
Member countries should criminalise money laundering.
Member countries should introduce extensive enforcement powers to freeze, seize and confiscate criminal property.
Member countries should criminalise terrorist financing, whether directed at acts, individuals, or terrorist organisations.
Member countries should apply financial sanctions in order to prevent or suppress terrorism and terrorist financing.
Financial sanctions should be extended to the proliferation of weapons of mass destruction and its financing.
Member countries should apply proportionate but targeted measures at non-profit organisations that may be vulnerable to terrorist financing. (This may include enforcement against assets directed at or transferred via organisations such as charities and religious organisations).
Member countries should ensure that financial institution secrecy laws do not inhibit implementation of anti-money laundering and counter-terrorist financing regulations.
Financial institutions must undertake customer due diligence including the identities of beneficial owners of interests, in the establishment of business relationships and on an ongoing basis.
Financial institutions must maintain customer and transaction records for at least 5 years.
Financial institutions must conduct enhanced due diligence and ongoing monitoring of politically exposed persons.
Financial institutions should ensure that correspondent banks are able to perform customer due diligence and institute adequate internal controls to combat money laundering.
Member countries should ensure that all money transfer services operating in their jurisdictions are licensed and subject to regulatory compliance and supervision in relation to anti-money laundering.
Member countries should constantly assess money laundering or terrorist financing risks that may arise due to the development of new products, services, and technology.
Member countries must implement common standards to ensure that all wire transfers are carried out based on accurate originator and beneficiary information.
Financial institutions may outsource their customer due diligence processes but must monitor and ensure that such outsourcees are able to comply with regulatory requirements.
Financial institutions are to apply internal control programmes in anti-money laundering and terrorist financing across the entire international financial group.
Financial institutions are to apply enhanced due diligence measures in all business relationships with countries identified as ‘higher risk’ by the FATF.
Financial institutions must report suspicious transactions.
Financial institutions and their employees are protected in civil immunity in relation to the reporting above but must not disclose such reporting (‘tipping off’).
Designated customer due diligence and reporting obligations are imposed on other businesses exposed to money laundering and terrorist financing risk such as casinos, real estate agents and professional services.
Legal and beneficial ownership of legal persons and other legal arrangements such as trusts are to be made available to authorities in a timely fashion.
Financial institutions are to be subject to adequate regulation and supervision in anti-money laundering and counter-terrorist financing.
National supervisors and enforcement agencies should have extensive investigative and supervisory powers, and a range of sanctions should be available in enforcement.
Designated non-financial businesses exposed to money laundering and terrorist financing risks should be authorised, regulated, and supervised.
Member countries should establish financial intelligence units to receive and analyse suspicious transaction reports and other information relating to money laundering.
Law enforcement agencies should act in a pro-active manner in investigations and render assistance as well as cooperate with each other across member countries.
Member countries should establish a system for declarations by cash couriers and have the powers to stop and detain the transportation of such cash.
Member countries must maintain statistical records of the efficiency and efficacy of their anti-money laundering and counter-terrorist-financing systems.
Member country intelligence, regulatory and enforcement agencies should establish guidelines and feedback channels to assist financial institutions and designated non-financial businesses in their regulatory compliance.
Member countries should ratify and fully implement the listed international conventions on corruption, money laundering, terrorism, and cybercrime.
Member countries should render each other mutual legal assistance in investigations and enforcement.
Member countries should constructively and effectively execute extradition requests in relation to money laundering and terrorist financing, without undue delay to avoid providing a safe haven for indicted persons.
Member countries should engage in other forms of international cooperation in relation to anti-money laundering and counter-terrorist-financing including formalising such arrangements in Memoranda of Understanding.
The FATF carries out ‘mutual evaluations’ that are peer reviews of member countries’ anti-money laundering and counter-terrorist financing systems. Such evaluations are a form of internationally persuasive peer pressure for member countries in order to ensure that they effectively implement the Recommendations. Mutual evaluations are carried out on the basis of the latest standards (in this case the 2012 standards in Box 14.1) and clearly communicated to the relevant member countries. Such evaluations are carried out after on-site visits and inspections by the FATF. The procedures that the FATF will apply in relation to its on-site visits and inspections are detailed in its evaluation template.13 The results of each mutual evaluation are published for public transparency.
The FATF also carries out reviews of all countries whether member countries or otherwise three times a year in order to highlight ‘high-risk’ jurisdictions where anti-money laundering and counter-terrorist financing laws and compliance are weak.14 Such reviews are carried out by examining publicly available information in terms of published laws, institutional architecture, and enforcement information. As ‘high-risk’ jurisdictions can be subject to member countries’ financial sanctions according to the FATF standards, identified jurisdictions may be incentivised to improve on their anti-money laundering and counter-terrorist financing measures.
The FATF’s ‘soft law’ has largely achieved success in the legalisation of anti-money laundering and counter-terrorist financing regulations in member countries and around the world. Further, its ‘soft supervision’ in mutual and high-risk evaluations has created pressures and incentives for national governments to take legalisation and enforcement seriously.
Further, where countries are in receipt of aid from the International Monetary Fund, these countries are subject to a yearly Financial Sector Assessment Plan, which includes a peer review of the countries’ implementation of the Recommendations. The effective implementation of these Recommendations often forms a basis for eligibility in continuing to receive aid.
Other international organisations also support the FATF’s efforts at anti-money laundering and counter-terrorist financing. For example, the Financial Stability Board (FSB) has led efforts to develop a common standard in the form of the ‘Unique Transaction Identifier15’ for all financial transactions so that financial transaction records can be standardised. The Identifier contains information on the identities and interests of transacting parties and facilitates tracing of financial transactions trails, so as to disrupt the layering processes in money laundering. Although the development of the Identifier is aimed at a variety of regulatory objectives including surveillance for macro-prudential regulation (see Chapters 6 and 7), it can be used for surveillance in relation to financial crime. Further, international agencies such as Interpol and the OECD carry out leadership in developing standards for combatting various forms of financial crime such as cybercrime, bribery/corruption, and tax evasion.16
14.2.2 Harmonising legislation in the EU
The international standards issued by the FATF were promptly implemented in the European Economic Area (EEA) in the first Anti-money Laundering Directive in 1991. This has since been superseded by the second and third Anti-money Laundering Directives in 2001 and 2005 respectively that incorporated counter-terrorist financing standards and standards of gatekeeping imposed on a wider scope of businesses and services exposed to money laundering risk. The 2005 Directive also dealt specifically with the making of payments or carrying of cash as these can be made by entities that are not regulated banks and financial institutions.17
Following the revision of the FATF standards in 2012, the EU introduced the fourth Anti-money Laundering Directive 2015, consolidating the 2005 Directive and secondary legislation.18 In recognition of the payment services industry that may be different from the banking and finance sector, a regulation19 is also introduced to accompany the 2015 Directive that now consolidates and adds to the previous requirements in secondary legislation relating to wire transfers. The 2015 Directive provides harmonising principles for all member states in relation to the institutional architecture, policies and regulatory frameworks against money laundering and terrorist financing. The 2015 Directive has since been amended20 by policymakers to include new payment services providers such as virtual currency exchange providers within the scope of anti-money laundering regulation, so that loopholes can be closed in relation to the migration of money laundering activities through unregulated virtual currency (such as bitcoin) transactions.
Further, European authorities perform the role of assessing their member states’ implementation of anti-money laundering regulations in order to adhere to the FATF’s Recommendations. Member States are asked to assess the effectiveness of their policies, regulation, and implementation according to a risk-based approach, that is, to show that the highest risks are given emphasis and that regulatory efforts are proportionate to the level of money laundering risk posed. National assessments are reported to EU authorities who may conduct separate EU-wide risk assessments. The EU-wide assessment is carried out by the Joint Committee of the European Banking Authority (EBA), European Securities and Markets Authority and European Insurance and Occupational Pensions Authority (discussed in Chapter 7). The Joint Committee has produced a template of issues to consider and reflective questions for regulators in order to help them develop risk assessment frameworks and the development of policies in response.21 The Joint Committee further surveys the EU’s financial sector regularly in order to highlight key risks.22
The EBA has a specific role in providing technical standards23 and guidelines24 to banks and financial institutions so that they can effectively comply with regulations in anti-money laundering and counter-terrorist financing. National authorities are to regularly review their supervisory plans and these are subject to guidance from the EBA so as to achieve convergent supervisory approaches across the EU (see Chapter 7, section 7.2).
14.2.3 Implementation in the UK
The key piece of UK legislation that implements the relevant FATF standards and EU legislation is the Proceeds of Crime Act 2002, which has been amended in 2005, 2007, 2009, 2011, 2013, 2014, 2015, and 2017. It is supported by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which implements the EU’s 2015 Directive. The Terrorism Act 2000 deals with counter-terrorist financing measures and liability, and the Act has been amended by subsidiary legislation introduced in 2010, 2012, 2013, 2014, and 2016. As sections 14.3–14.5 highlight, this chapter will focus on the substantive issues relating to the banks and financial institutions’ gatekeeping duties and liabilities. Institutions whose financial activities are limited or ancillary, such as amounting to less than £100,000 on a yearly basis or less than 5 per cent of their annual turnover (as long as they are not carrying out payment or remittance services) are exempted from the scope of these obligations.25 A financial transaction that is less than €1,000 in value is also exempted from the regulatory regime.26
The institutional architecture in the UK for combatting money laundering and terrorist financing comprises government and statutory agencies. At the government level, the Home Office and Treasury have led policy making in anti-money laundering and counter-terrorist financing.27 The key regulatory, supervisory and enforcement authorities are the National Crime Agency (NCA), the Financial Conduct Authority (FCA), which supervises banks’ and financial institutions’ gatekeeping roles, and other regulators. The Proceeds of Crime Act 2002 initially set up an Assets Recovery Agency to be dedicated to investigations, enforcement, and confiscation of criminal property. The Agency, however, failed to achieve its recovery targets, and its underperformance was highlighted in the National Audit Office report in 2007, which warned that the Agency was unlikely to become self-financing.28 The Agency suffered from various problems including inefficiencies in case management and high expenditures in training. It was closed and merged with the agency in the UK responsible for serious organised crime, the Serious Organised Crime Agency. However, the Serious Organised Crime Agency itself was dissolved to form the NCA in 2013, absorbing a number of units for combatting various crimes including child exploitation, wildlife crime, cybercrime etc. We now turn to the architecture of the regulatory, supervisory and enforcement authorities in the UK.
14.2.3.1 National Crime Agency
The NCA is the UK’s primary agency in assessing money laundering and terrorist financing risks overall.29 The NCA is the authority envisaged in the FATF standards to undertake risk assessments and to take a risk-based approach to combatting money laundering and terrorist financing. The EBA has issued a guidance on how national authorities should undertake risk assessments in their jurisdictions of money laundering and terrorist financing risks, promoting a convergent approach in the EU overall.30
The NCA is tasked with investigatory and enforcement powers over serious organised crime in the UK. For the purposes of this chapter, the NCA has responsibilities for pursuing money launderers and those involved in terrorist financing, asset recovery of criminal property, and receiving suspicious transaction reports as the Financial Intelligence Unit (in accordance with the FATF standards). It has other responsibilities in relation to pursuing organised crime such as drug dealing, corruption cases and cybercrime.
The NCA coordinates with police forces across the UK and intelligence units in order to discharge its responsibilities in combatting serious organised crime.31 The NCA’s intelligence and enforcement powers are significantly enhanced in the Criminal Finances Act 2017 amending the Proceeds of Crime Act 2002. In particular, the NCA is able to request the court to make ‘unexplained wealth orders’ against persons in relation to suspect property valued at £100,000 or more in order to gather more intelligence on potential criminal property. The NCA’s enhanced enforcement powers include the seeking of interim freezing orders for unexplained wealth, account freezing orders against accounts in banks and financial institutions, and longer periods for the completion of investigations where customers’ payment transactions have been interrupted (to be discussed below in section 14.5).
It may be curious to note that it is the American Department of Justice and not the NCA that has levied significant fines upon key UK bank groups in relation to money laundering offences. HSBC was fined $2 billion for the part played by its Mexico outfit in facilitating money laundering by customers involved in drug dealing offences and in significant sums.32 Standard Chartered was accused of facilitating money laundering in relation to Iran and settled with the Department of Justice at $340 million. It was required to establish anti-money laundering controls and be monitored by the Department for 2 years at least.33 In addition the US Department of Justice meted out a $630 million fine to Deutsche Bank for money laundering failings in relation to its Russian and London offices,34 and continues to remain on the offensive in policing money laundering with global implications.35
Financial Conduct Authority
The FCA regulates banks and financial institutions in terms of duties imposed on them for preventing and detecting money laundering and terrorist financing. These duties in relation to anti-money laundering compliance are discussed in sections 14.3 and 14.5. The FCA’s supervisory remit includes banks’ and financial institutions’ customer due diligence and procedures, and banks’ and financial institutions’ systems and controls for combatting money laundering and terrorist financing and the governance of such systems (see later).36 The FCA regularly surveys its regulated entities in order to build up perspectives of the risk factors in various parts of the financial sector, such as in trade finance,37 asset management38 and banks.39
Further, the FCA is also designated the Payment Services Regulator, and performs the role of authorising payment services providers (consistent with the requirements of EU legislation discussed above)40 as well as supervising their compliance with similar duties in anti-money laundering compliance.41
The FCA is able to take enforcement action against its regulated entities if it is of the view that banks and financial institutions have failed to conduct procedures or maintain systems and controls appropriate for monitoring money laundering and terrorist financing. These enforcement actions can take place even if the money laundering or terrorist financing offences have not been established as such against banks, financial institutions, or their customers. Individuals responsible for anti-money laundering control under the Senior Managers Regime (discussed in section 14.5) can also be held personally responsible for breach of duties. Enforcement can be carried out by public censure, fine of the institution as well as public censure, fine and/or disqualification of the individual concerned.42
It is queried why the FCA is not given a share of the NCA’s intelligence role in receiving and analysing suspicious transaction reports (see section 14.4). This would potentially spread the workload in monitoring suspicious transactions and ‘giving consent’ (discussed in section 14.4) so that the NCA is not overwhelmed.43
Box 14.2 provides two examples of the FCA’s enforcement actions against banks in the UK for failing to implement adequate customer due diligence procedures and anti-money laundering controls, in breach of their regulatory duties. These failures are themselves enforceable even if the money laundering offence has not been established against the banks concerned or their customers. The regulatory enforcement therefore provides a deterrent signal to banks to take their regulatory duties seriously as part of their gatekeeping roles against financial crime.
Box 14.2 FCA enforcement examples
Enforcement Action by the FCA, 15 May 2012: Habib Bank AG Zurich was fined £525,000 for generally failing to put in place adequate policies for carrying out a duty of enhanced due diligence (see section 14.3) for customers that warranted that treatment. The Money Laundering Reporting Officer (MLRO) of the bank was also individually fined £17,500.
Enforcement Action by the FCA, 23 January 2014: Standard Bank was fined £7.6 million for failing to conduct enhanced due diligence for customers that are connected to politically-exposed persons (see section 14.3), exposing the bank to serious risk of money laundering in high-risk African jurisdictions.
Other regulators
Other regulators within the scope of anti-money laundering and counter-terrorist financing regulation are also expected to regulate and oversee their regulated entities’ compliance with the regulatory duties to gate-keep money laundering and terrorist financing. For example, the Gambling Commission, which licenses gambling services providers (such as casinos), makes the prevention of financial crime a condition of licensing. Further a code of practice is issued for adherence by all licensed gambling providers to gate-keep against financial crime.44
In light of the 2016 Action Plan45 that is intended to strengthen supervisory endeavours and coordination across various sectors in order to foster an intolerant and hostile environment for financial crime, the Treasury has established a new regulatory body for membership associations or bodies for professional services, the Office for Professional Body Anti-Money Laundering Supervision (OPBAS).
This Office, established in January 2018, oversees membership associations or bodies for professional services providers such as lawyers, accountants, tax advisors, insolvency practitioners and book-keepers. Professional services providers may in the course of business come across signals or information of money laundering or terrorist financing, and it is the duty of their membership associations or bodies to provide guidance and supervision on how professional services providers should gate-keep money laundering and terrorist financing activities. OPBAS requires professional services membership associations or bodies to provide industry-wide as well as specific guidance to firms based on a risk-based approach, and to effectively supervise their members by carrying out inspections, audits, thematic reviews, interviews with senior management, surveys, and questionnaires. Professional services membership associations or bodies must also be prepared to share information and intelligence with the authorities.46
The OPBAS functions as a meta-regulator as it does not directly regulate professional services providers. These remain overseen by their membership associations and bodies, but OPBAS’ role is to ensure that these membership associations and bodies are robustly assisting and overseeing their members in gatekeeping money laundering and terrorist financing. Membership associations and bodies are respected by their members, but they may also be beholden to their members as they are funded by their members. For example, accountants’ audit conduct is no longer subject to the membership body’s supervision, as a regulatory body, the Financial Reporting Council, is regarded as more effectual and credible. Perhaps the meta-regulatory role of OPBAS is a signal that more direct supervision can be introduced for professional services firms if their membership associations or bodies fail to undertake supervision effectively.
The FATF provides leadership at the international level for the development of anti-money laundering and counter-terrorist financing architecture, standards, and powers in member countries and the rest of the world.
The FATF issues Standards by which to evaluate member countries. It also evaluates non-member countries in order to identify ‘high-risk’ countries. ‘High-risk’ countries are pressured to elevate their anti-money laundering standards in order not to suffer from constraints in dealings with member countries.
EU legislation has comprehensively implemented the FATF standards.
The Joint Committee of EU agencies (EBA, ESMA, and EIOPA) is tasked with the responsibility of evaluating EU-wide money laundering and terrorist financing risks on a regular basis.
The UK has also implemented the FATF standards in transposing EU legislation in its Proceeds of Crime Act 2002 and in subsequent amendments, and the Terrorism Act 2000 with subsequent amendments.
EU legislation has been implemented in the Money Laundering Regulations 2017 in the UK.
The UK government takes leadership on anti-money laundering and counter-terrorist financing policies.
The architecture of regulatory, supervisory and enforcement agencies comprises the NCA, the FCA and other regulators such as the Gambling Commission, Office of Professional Body Anti-Money Laundering Supervision.
Proceeds of Crime Act 2002
Terrorism Act 2000
Money Laundering Regulations 2017
Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC
Amending Directive 2018 TBC
Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006
Reports and official papers
FATF, International Standards on Combatting Money Laundering and the Financing of Terrorism and Proliferation (2012) at http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF_Recommendations.pdf
Joint Committee, Preliminary Report on Anti-Money Laundering and Counter Financing of Terrorism Risk Based Supervision (October 2013) at https://www.eba.europa.eu/documents/10180/16145/JC-2013-72+%28Report+on+Risk+Based+Supervision%29.pdf.
EBA, On the Characteristics of a Risk-Based Approach to Anti-Money Laundering and Terrorist Financing Supervision, and the Steps to be Taken When Conducting Supervision on a Risk-Sensitive Basis (16 November 2016) at https://www.eba.europa.eu/documents/10180/1663861/Joint+Guidelines+on+Risk-Based+Supervision+%28ESAS+2016+72%29.pdf/7159758d-8337-499e-8b12-e34911f9b4b6
NCA, The NCA Commitment to Working in Partnership with UK Operational Partners (August 2015) at http://www.nationalcrimeagency.gov.uk/publications/178-the-nca-commitment-to-working-in-partnership-with-uk-operational-partners/file
14.3 Due diligence
The regulatory duty of due diligence imposed on banks, financial institutions, and other entities within the scope of the Money Laundering Regulations 2017 is key to preventing and identifying potential money laundering. In essence due diligence refers to banks gaining adequate knowledge about their customers in order to ascertain that their transactions do not infringe anti-money laundering laws. What this entails will be explored below. The EU 2015 Directive, transposed in the UK Money Laundering Regulations 2017, imposes due diligence obligations for a range of businesses including payment services providers such as pre-paid electronic money instruments, money remitters, trade finance providers, real estate agents, casinos, and of course, banks and financial institutions. The standards of due diligence in the UK are also further extrapolated by a voluntary association established by UK banks, the Joint Money Laundering Steering Group (JMLSG).
The Steering Group is a trade body comprising industry representatives working with the Bank of England to produce guidance for the industry to comply with anti-money laundering and counter-terrorist financing regulation.47 The Guidance is endorsed as part of the regulatory framework as it is recognised as guidance issued by a trade body capable of being used to determine if a bank has breached its anti-money laundering obligations.48 Such guidance needs to be approved by the Treasury and published in order to be used as the basis for enforcement.49 The Guidance is aimed at giving banks concrete directions for compliance, a prescriptive task that, if not delegated successfully to the JMLSG, would have to be undertaken by the FCA.
Box 14.3 When banks need to conduct customer due diligence (Article 11, AML Directive 2015, s27, Money Laundering Regulations 2017)
establishing a business relationship;
carrying out an occasional transaction that:
amounts to EUR 15 000 or more, whether that transaction is carried out in a single operation or in several operations which appear to be linked; or
constitutes a transfer of funds exceeding EUR 1 000;
in the case of persons trading in goods, when carrying out occasional transactions in cash amounting to EUR 10 000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked;
for providers of gambling services, upon the collection of winnings, the wagering of a stake, or both, when carrying out transactions amounting to EUR 2 000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked;
upon suspicion of money laundering or terrorist financing, regardless of any derogation, exemption or threshold;
when there are doubts about the veracity or adequacy of previously obtained customer identification data.
Banks are required to conduct customer due diligence in the circumstances listed in Box 14.3. These in essence prevent banks from servicing anonymous accounts.50
A ‘business relationship’ is defined as a business, professional or commercial relationship that arises in the course of business of the bank or financial institution, and is expected to have an element of duration after contact is established.51 An ‘occasional transaction’ is defined as a transaction that is not part of a ‘business relationship’ as defined above.52 A ‘beneficial owner’ in relation to a body corporate (including a limited liability partnership), is defined as an individual who ultimately controls the body corporate or who holds at least 25 per cent of the shares or voting rights in the body corporate.53 A beneficial owner in relation to a trust refers to an individual who is able to control the trust (to exercise specified powers in the Money Laundering Regulations 2017) or benefits from the trust, including the settlor, trustees, beneficiaries and any other individual able to control the trust.54
Customer due diligence applies to the establishment of a business relationship as well as ongoing business carried on in that relationship as long as any of the thresholds above are met. Banks are prohibited from carrying out any transaction for the customer until due diligence is completed,55 but in certain cases this prohibition is qualified.
A bank account can be opened pending the completion of customer due diligence as long as transactions are not carried out on the account.56 In cases of ‘low risk’ (to be discussed shortly), the customer’s transaction can be uninterrupted ‘for the purposes of the normal course of business’ as due diligence is being completed.57 Where payment service providers issue a customer with electronic money instruments, they can be exempted from customer due diligence at very low thresholds, such as where the payment instrument is not loaded beyond €250 or cannot be made to make payments above €250 per month, and where the instrument is not anonymous and subject to adequate safeguards and conditions.58 The UK will apply the higher permitted threshold of €500 instead.59 Banks need to monitor and review their customer relationships generally, especially if any changes are detected to the customer’s risk profile.60
14.3.1 What is required in customer due diligence?
Banks are required to carry out several key tasks in customer due diligence in order to assess the risk of money laundering. The key tasks are:
Identifying and verifying the customer’s identity on the basis of information or documentation from an independent and reliable source.
Identifying and verifying a body corporate’s identity and key information such as the identities of senior management.
Identifying and verifying the identity of any beneficial owner.
Establishing the intended nature and purpose of the business relationship or occasional transaction.
Constructing a risk profile for each customer by assessing the level of risk posed by each customer, such as in relation to the intended purpose or nature of the business relationship, the level of assets deposited by the customer or size of transactions the customer wishes to carry out, and the regularity and duration of the business relationship.
Conducting ongoing monitoring of the business relationship to ensure that transactions are consistent with the bank’s knowledge of the customer’s risk profile.
Reviewing the existing records of customer due diligence and ensuring that they are kept up-to-date.61
Identity establishment and verification
First, in terms of verifying an individual’s identity, the bank must use ‘reliable’ and ‘independent’ sources of information, such as passports and driving licences issued by public authorities.62 Increasingly as customers’ identity information may be held by electronic sources of information, banks may have to verify with such sources. The above information should as far as is possible be obtained from public sector, governmental or regulated bodies,63 but commercial sources may also be used as long as banks are satisfied of the extensiveness, reliability, and credibility of such commercial sources. Even social media sources may be used for corroborating effect. The public and reliable sources of information that banks are encouraged to consult by the EBA include the European Commission’s supranational risk assessment, information from governments, regulators, intelligence and enforcement agencies, information from professionals and experts, trade and industry bodies, international standard-setting bodies, civil society, media sources, commercial organisations that provide risk and intelligence information, statistical organisations and academia.64 The lack of provision of relevant expected documentation may not necessarily stop banks from conducting business with the customer if a risk-based approach is taken in assessing particular customers such as financially excluded customers, young customers, customers whose gender assignment is non-standard, customers lacking in capacity to manage own financial affairs, and international students.65
In relation to a body corporate, a bank must verify identity information in relation to the name and registration number of the body corporate, its registered office, the law to which the body corporate is subject (or the law of its incorporation), the body corporate’s constitution, the full names of its Board of directors and senior management.66
In relation to verifying the identity of a beneficial owner, the bank must establish the identity of the natural person who is the beneficial owner, or where the beneficial owner is a legal person, to establish the structure involving the beneficial owner. Such verification goes beyond checking the register of persons with significant control in company or partnership registers.67 It is envisaged that banks may use commercial sources that provide electronic means of verification, but banks need to understand the sources of information checked by such commercial providers and the basis for any scoring or rating system used by such commercial providers in order to rely on their verification.68
Constructing a risk profile of each customer
Next, banks need to construct a risk profile for each customer. The risk factors are in relation to ‘customer risk factors’, ‘geographical risk factors’, ‘product and services risk factors’, ‘transaction risk factors’ and ‘delivery channel risk factors’.69 The EBA has developed detailed guidelines to elaborate on elements of each risk factor,70 and to assist banks to ‘risk-weight’ elements in each risk factor in order to arrive at an appropriate risk profile for the customer.71 This approach is methodical and compels the bank to give an informed and intelligent consideration to each customer.
Customer risk factors include the customer’s or beneficial owner’s business or professional activities, reputation, and behaviour. These are ascertained against a non-exhaustive checklist of questions on which banks should obtain satisfaction, such as whether any previous media report or suspicious reporting activities affect the customer’s reputation, whether the customer has complex business structures or behaviour in secrecy that may give an indication of the customer’s behaviour, and so on. Banks may wish to gather information on the following:72
nature and details of the business/occupation/employment;
record of changes of address;
the expected source and origin of the funds to be used in the relationship;
the origin of the initial and ongoing source(s) of wealth and funds (particularly within a private banking or wealth management relationship);
copies of recent and current financial statements;
the various relationships between signatories and with underlying beneficial owners; and
the anticipated level and nature of the activity that is to be undertaken through the relationship.
Box 14.4 sums up the categories of risk factors banks need to consider in assessing customers and will be elaborated further.
Box 14.4 Categories of risk factors
Products and services
‘Geographical risk factors’ relate to the customer’s main locations of business and locations with which the customer has personal links. Banks need to ascertain whether the customer is associated with ‘high-risk’ countries. A Commission Regulation73 flanks the 2015 Directive by setting out ‘high-risk’ countries where anti-money laundering and counter-terrorist financing controls and regulation are weak. There are currently 11 countries on the list. Banks also need to assess whether customers’ identified geographical links are in jurisdictions of equivalent anti-money laundering regulation comparable to the EU, and whether these jurisdictions may be of dubious reputation, such as in relation to providing tax or secrecy havens, or are politically unstable.
‘Product, services and transactions risk factors’ include the transparency, complexity and value/size of the financial product, service or transaction to be undertaken by the customer. Banks may ascertain these risk factors by finding out about the structures involved, whether multiple parties or jurisdictions are involved, whether there are high value and/or cash intensive components, and whether there are innovative aspects such as involving new technology.
‘Delivery channel risk factors’ refer to whether the bank’s relationship is conducted on a face-to-face basis or otherwise, and whether other intermediaries or third parties may interpose in the relationship. Banks need to ascertain if the customer is physically present for identification purposes and whether the customer has been introduced via intermediary or regulated channels.
Where banks conduct business with their customers in specific contexts, additional elements of risk factors may be prescribed. The following provides some examples but these are not exhaustive.
Issuing electronic money
Where banks issue electronic money, for example, in pre-paid cards, specific elements in risk factors are further prescribed by the EBA. For example, banks need to consider the number of transactions that can be carried out and limits on transactions (under ‘product, services or transactions risk factors’) and whether the customer’s address or online IP address has changed (in relation to ‘customer risk factors’).
Remittance or wire transfer
In terms of money remittance or transfer services, banks are subject to an EU Regulation that supports the 2015 Directive. The Regulation applies more widely to all payment transfer intermediaries, recognising that not only banks and financial institutions are payment service providers.74 The Regulation deals with standardising the information needed for payment transfers to be made within and from any member state, and the right of payment intermediaries to reject or suspend payments in the event of missing information, such as related to the payee.75 Standardised information goes some way to assisting banks in their due diligence compliance. The EBA has identified that in funds transfers where payment information is incomplete, higher risk entails and banks need to carry out real-time monitoring and robust back-testing of samples of transactions.76 Moreover, the EBA prescribes that banks need to pay attention to specific elements in risk factors, such as the reputation and nature of receiving agents (under ‘delivery channel risk’) and the reputation of the receiving jurisdiction in relation to organised crime levels and the establishment of formal banking systems (under geographical risk factors).
Private wealth management
For private wealth management, banks are asked to ascertain specific elements of ‘customer risk factors’ in relation to source of wealth, in particular whether any connection is made to arms or extractive industries, and whether the customer has connections with secrecy havens.
Where banks conduct trade finance, specific elements of customer risk factors include whether the buyer and seller of purported goods are the same legal or beneficial person. Banks need to ascertain whether any unusual features exist in the proposed transaction compared to the customer’s previous ones (under product, service, or transactions risk factors).
Asset management
Where banks carry out investment or asset management, particular elements of customer risk factors include whether the customer is an unregulated or offshore entity. Banks should also be mindful of the size and purported redemption by the customer (in relation to ‘product, services or transaction risk factors’).
The requirements of due diligence in terms of information gathering and assessing information against risk factors may be an arduous task, and in pursuing efficiency, technological systems can be deployed in facilitating or carrying out customer due diligence. Technological or automated systems can engage in rapid data collection, efficient alert management and prioritisation, advanced case management, ad hoc investigation, integrated research tools, and comprehensive centralised audit trails and reporting.77 Although much importance is placed on banks complying with their customer due diligence obligations, exceptional policies are to be put in place for possibly financially excluded customers who may be unreasonably denied access to financial services.78
14.3.2 Simplified due diligence
Banks may conduct simplified due diligence in areas of ‘lower risk’ but subject to ongoing monitoring.79 Simplified due diligence means that banks may be able to adjust the extent, timing or type of due diligence carried out,80 while maintaining the normal standards of due diligence as a starting point. This may mean that banks may be able to carry out due diligence less intensely or at later points in time, although no specific guidance is prescribed. Banks may treat the existence of certain elements of risk factors (as discussed above) as indicating the appropriateness of applying simplified due diligence. These elements are set out in Table 14.1.
Where banks consider it appropriate to carry out simplified due diligence for customers, based on one or more of the elements above, banks should recognise that the existence of such elements is not conclusive evidence of ‘low risk’ and should exercise their discretion with care. The elements listed above are also not comprehensive.81 Further, banks should keep under review the use of simplified due diligence measures and continue to monitor the customer’s activities for any unusual signs. Where banks doubt the veracity of any information supplied by the customer, or the risk assessment of the customer changes, or the conditions for enhanced due diligence (below) are met or money laundering or terrorist financing is suspected, banks must cease to apply simplified due diligence.
Table 14.1 Risk Factors for ‘Lower Risk’ Areas Qualifying for Simplified Due Diligence
Customer risk factors
public companies listed on a stock exchange and subject to adequate rules of the exchange, such as disclosure requirements that ensure adequate transparency of beneficial ownership
a credit or financial institution subject to the EU 2015 Directive and supervised for compliance with the Directive’s requirements
public administration, or a publicly-owned enterprise
individual resident in a geographical area of lower risk (read with geographical risk factors below)
Product, Service, Transaction or Delivery Channel risk factors:
life insurance policies for which the premium is low (for example small regular premiums paid by direct debit or for policies with no investment value)
insurance policies for pension schemes if there is no early surrender option and the policy cannot be used as collateral
a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member’s interest under the scheme
financial products or services that provide appropriately defined and limited services to certain types of customers, so as to increase access for financial inclusion purposes
products where the risks of money laundering and terrorist financing are managed by other factors such as purse limits or transparency of ownership
Child trust funds and junior ISAs as defined under relevant legislation
Geographical risk factors
An EEA member state
third countries that have effective anti-money laundering and counter-terrorist financing systems
third countries identified by credible sources as having a low level of corruption or other criminal activity such as terrorism (within the meaning of s1 of the Terrorism Act 2000(94)), money laundering, and the production and supply of illicit drugs
third countries that, on the basis of credible sources, such as evaluations, detailed assessment reports or published follow-up reports published by the FATF, the International Monetary Fund, the World Bank, the Organisation for Economic Co-operation and Development or other international bodies or non-governmental organisations, have in place effective systems to implement the requirements of the FATF Recommendations of 2012 updated as of 2016
14.3.3 Enhanced due diligence
In some cases, banks are obliged to carry out enhanced due diligence. These are situations where a relatively higher risk of money laundering or terrorist financing may be involved. The FCA is in particular keen on monitoring banks’ compliance with enhanced due diligence obligations as the enforcement examples we discussed in section 14.2 show. In these cases, banks had failed to ensure that systems were established for identifying cases for enhanced due diligence and to carry out such due diligence.
Enhanced due diligence is to be carried out by banks in the following situations:82
where high risk is identified after the bank has constructed a risk profile in normal due diligence procedures already discussed;
a business relationship or transaction involves a person established in a high-risk jurisdiction;83
where the transaction is unusually large, complex or has no apparent legal or economic purpose;
where correspondent banking relationships are established in non-EEA countries;
where the customer has provided false or stolen identification; or
where the transaction by its nature gives rise to a higher risk of money laundering or terrorist financing.
Box 14.5 PEPs (Article 3, AML Directive 2015)
(a) heads of state, heads of government, ministers, and deputy or assistant ministers;
(b) members of parliament or of similar legislative bodies;
(c) members of the governing bodies of political parties;
(d) members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;
(e) members of courts of auditors or of the boards of central banks;
(f) ambassadors, chargés d’affaires, and high-ranking officers in the armed forces;
(g) members of the administrative, management or supervisory bodies of state-owned enterprises;
(h) directors, deputy directors and members of the Board or equivalent function of an international organisation.
Table 14.2 sets out the indicative elements in risk factors that give rise to one of the above seven thresholds for conducting enhanced due diligence.
Table 14.2 Risk Factors for Higher Risk Triggering Obligations to Conduct Enhanced Due Diligence
Customer risk factors
the business relationship is conducted in unusual circumstances
the customer is resident in a geographical area of high risk
the customer is a legal person or legal arrangement that is a vehicle for holding personal assets
the customer is a company that has nominee shareholders or shares in bearer form
the customer is a business that is cash intensive
the corporate structure of the customer is unusual or excessively complex given the nature of the company’s business
Geographical risk factors
countries identified by credible sources as not having effective systems to counter money laundering or terrorist financing
countries identified by credible sources as having significant levels of corruption or other criminal activity, such as terrorism (within the meaning of s1 of the Terrorism Act 2000), money laundering, and the production and supply of illicit drugs
countries subject to sanctions, embargos or similar measures issued by, for example, the EU or the UN
countries providing funding or support for terrorism
countries that have organisations operating within their territory that are designated as proscribed under the UK Terrorism Act, or as terrorist organisations by the EU or UN
countries identified by credible sources as not implementing requirements to counter money laundering and terrorist financing that are consistent with the FATF’s most recent recommendations.
NOTE: in all cases, credible sources refer to official evaluations and assessments such as those by the EU, UN, OECD, IMF, and World Bank
Product, services, and delivery channel risk factors
product involves private banking
the product or transaction is one which might favour anonymity
the situation involves non-face-to-face business relationships or transactions, without certain safeguards, such as electronic signatures
payments will be received from unknown or unassociated third parties
new products and new business practices are involved, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products
the service involves the provision of nominee directors, nominee shareholders or shadow directors, or the formation of companies in a third country
In relation to points above, enhanced due diligence involves:86
Taking additional steps to obtain independent and reliable sources to verify the customer and/or beneficial owner’s identity.87
Taking additional measures to understand better the background, ownership and financial situation of the customer, and other parties to the transaction, as well as the intended purpose and nature of the business relationship and/or transaction.
Taking further steps to be satisfied that the transaction is consistent with the purpose and intended nature of the business relationship. For example, banks are required to put in place mechanisms to detect unusual transactions compared to the customer’s normal profile, and to require more information on the purpose of the transaction and the nature of the customer’s business.88
Subjecting the business relationship to a greater degree and nature of monitoring, including greater scrutiny over transactions, in order to detect suspicious transactions.
Special steps in enhanced due diligence are applicable to (d) where correspondent banking relationships are established in third countries outside the EEA. Banks are prohibited from establishing correspondent relationships with ‘shell’ banks, that is, an institution carrying out banking services that is incorporated in a jurisdiction in which it has no physical presence, nor involving meaningful mind and management, and that is unaffiliated with a regulated financial group.89
In terms of the steps for enhanced due diligence, banks are required to gather sufficient information, such as from publicly available and credible sources, about the correspondent institution to understand fully the nature of the respondent’s business, reputation, and quality of supervision in relation to the correspondent institution. Banks also need to assess the correspondent institution’s controls in anti-money laundering and counter-terrorist financing. In particular, banks need to ascertain that if customers have direct access to the correspondent institution’s accounts (‘payable-through accounts’), that the correspondent institution has put in place customer due diligence and ongoing monitoring, and is able to supply the bank with such information if requested. The bank is required to obtain approval from senior management before establishing a new correspondent relationship, and to document clearly the respective responsibilities of each institution.90
Senior management is defined as ‘officer or employee with sufficient knowledge of the institution’s money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting its risk exposure, and need not, in all cases, be a member of the Board of directors.’91 The relevant person could be the designated MLRO (discussed in section 14.5) or a senior employee of equivalent stature.
The implementation of enhanced due diligence for correspondent banks has over the years resulted in many banks from Western jurisdictions terminating their correspondent relationships on risk-averse grounds, therefore making it difficult to facilitate even legitimate international flows of finance.92 This can make it practically impossible for individuals working in the UK, for example, to send money home to a country that is listed as high-risk in the Commission Regulation mentioned above. The FATF and FSB are both concerned with regard to the overall decline in correspondent banking relationships. The FATF has now provided guidance to assist banks in more intelligently assessing correspondent banking risks and to manage risks by clear lines of responsibility and ongoing dialogue and monitoring.93 The FSB further undertakes to provide clearer regulatory guidance for correspondent relationships, and supports public and private sector initiatives to build up the capacity of correspondent banks to meet anti-money laundering and counter-terrorist financing regulation.94 Such initiatives include standardisation of the due diligence items for banks.95
In relation to (e), enhanced due diligence is needed whenever a business relationship or transaction is carried out with a politically exposed person (PEP). PEPs are defined in Box 14.5.96 The family and known associates of PEPs are defined in Box 14.6.
Family members of politically exposed persons (Article 3, AML Directive 2015)
the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person;
the children and their spouses, or persons considered to be equivalent to a spouse, of a politically exposed person;
the parents of a politically exposed person.
Persons known to be close associates of a politically exposed person
natural persons who are known to have joint beneficial ownership of legal entities or legal arrangements, or any other close business relations, with a politically exposed person;
natural persons who have sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person.
No public function referred to in points (a)–(h) shall be understood as covering middle-ranking or more junior officials.
If a person has ceased to be a PEP, banks are to continue to apply enhanced due diligence to such a person for up to 12 months of the cessation of the person’s PEP functions or role.
Banks are required to adopt appropriate risk management procedures and systems to ascertain whether a customer or beneficial owner is a PEP, including whether the beneficiary of a life insurance policy or investment-related insurance policy is a PEP or a legal person whose beneficial owner is a PEP.97 Enhanced due diligence in relation to such persons includes the determination of the risk profile of such persons upon the conduct of normal due diligence procedures as discussed above, and taking appropriate enhanced due diligence procedures in accordance with such risk profile. Enhanced due diligence steps include the taking of adequate measures to establish the source of wealth and funds and carrying out of enhanced ongoing monitoring of the business relationship.98 Further, the establishment of any business relationship with a PEP must be subject to obtaining the approval of senior management. The UK will also institute a redress procedure for PEPs who wish to complain against their financial institutions by allowing them to access the services of the Financial Ombudsman’s Office.99
Banks are required to carry out customer due diligence at the establishment of business relationships with customers or for the carrying out of transactions.
Customer due diligence involves the verification of customers’ identities, including those of a beneficial owner, from reliable and credible sources of information that may be public or commercial, or even on social media.
Due diligence also involves the construction of a risk profile for customers based on the five-fold categories of customer risk, geographical risk, product or services risk, transactions risk, and delivery channels risk.
Due diligence is an ongoing obligation for banks as they are required to keep customers’ risk profiles under review and respond to changes in the risk profile.
Simplified customer due diligence may be warranted in specified situations.
Enhanced customer due diligence is required in areas of higher risk, such as where a high-risk jurisdiction, as defined by an EU Commission Regulation, is involved, or where the nature of the transaction or the customer, such as the customer being a politically exposed person, signals relatively higher risk.
Non-exhaustive elements of risk factors under the five-fold categories are introduced to guide banks as to when simplified or enhanced due diligence may be appropriate. However, the determination of whether to apply such due diligence procedures remains to an extent discretionary, depending on the bank’s construction of the customer’s risk profile.
Anti-Money Laundering Directive (EU) 2015/849
Money Laundering Regulations 2017
Other reports or papers
EBA, Joint Guidelines Under Article 17 And 18(4) of Directive (EU) 2015/849 on Simplified and Enhanced Customer Due Diligence and the Factors Credit and Financial Institutions Should Consider When Assessing the Money Laundering and Terrorist Financing Risk Associated with Individual Business Relationships and Occasional Transactions (The Risk Factors Guidelines) (21 Oct 2015) at https://www.eba.europa.eu/documents/10180/1240374/JC+2015+061+%28Joint+Draft+Guidelines+on+AML_CFT+RFWG+Art+17+and+18%29.pdf
Joint Money Laundering Steering Group Guidance (January 2018) at http://www.jmlsg.org.uk/industry-guidance/article/jmlsg-guidance-current
Philip J Ruce, ‘Anti-Money Laundering: The Challenges of Know Your Customer Legislation for Private Bankers and the Hidden Benefits for Relationship Management (“The Bright Side of Knowing Your Customer”)’ (2011) 128 Banking Law Journal 548
14.4 Financial intelligence reporting
The UK has established the NCA to be the Financial Intelligence Unit responsible for receiving reports from banks, financial institutions and other designated businesses of suspicious transactions in relation to money laundering and terrorist financing.100 The UK Proceeds of Crime Act 2002 (and subsequent amendments) provides for the obligation to report suspicious transactions, on pain of criminal liability.101 This is discussed shortly in this section and in section 14.4.1.
The EU 2015 Directive clearly provides that persons who make a suspicious transaction report should not be exposed to liability in contract or under law, nor be treated in a hostile, adverse, or discriminatory manner.102 Persons who make such reports are protected under the Public Interest Disclosure and Employment Rights Acts. Such reporting can also be contrary to the bank’s duty of confidentiality to its customers (discussed in Chapter 2, section 2.4), and the Proceeds of Crime Act expressly provides for such disclosures not to be treated as in breach of restrictions, however imposed, on such information, as long as the disclosure adheres to the Act’s suspicious transaction reporting regime.103
In K v National Westminster Bank Plc,104 the customer instructed the bank to pay £235,000 to its supplier for mobile phones. The mobile phones were to be sold to a Swiss company after which the customer would reclaim VAT that represented £20,000, his business profit. The bank made a suspicious transaction report to the Serious Organised Crime Agency and thus was suspended from carrying out the payment, which caused the customer losses. The customer challenged the bank’s action but the bank could not be made liable for failing to make the customer’s payment under contractual mandate, as the bank had acted lawfully in compliance with anti-money laundering regulation.
In Shah v HSBC Plc,105 Shah was a private bank customer of HSBC who was subject to significant delays in his payment instructions on at least four occasions, including paying into his own Swiss bank account in a sum over £28 million and paying his former employee in Zimbabwe in a sum of over $7 million. Shah was not aware that the bank had raised suspicious transaction reports in relation to those payment instructions. Nevertheless, the transactions were allowed to proceed after investigations by the Serious Organised Crime Agency, and hence there was no implication of money laundering liability. However, the former employee reported to Zimbabwean police suspicions that Shah was involved in money laundering that led to Shah being questioned by the Reserve Bank of Zimbabwe. Subsequently the anti-money laundering authorities froze Shah’s assets in Zimbabwe, causing him a loss of over $300 million. At first instance, the High Court dismissed Shah’s challenge against the bank’s failure to execute his transactions, holding that the bank was protected in complying with anti-money laundering regulation. Shah appealed against the summary judgment and the Court of Appeal106 then overturned the summary judgment and allowed a full trial on whether the bank would still have owed contractual duties in informing Shah of the suspicious transaction report and Serious Organised Crime Agency investigations.
In the full trial before the High Court, Shah argued that the bank owed him duties to account for the bank’s conduct in suspicious transaction reporting and their procedures. He argued that contractual terms should be implied to provide him with a wide range of information relating to the suspicious transaction reporting thresholds, procedures, and identities of officers, as well as investigation information. Shah argued that such information was owed to him as customer and would be relevant to clearing his name in Zimbabwe towards the release of his assets by authorities there. The High Court, however, dismissed Shah’s case and stated that such terms regarding disclosure of information cannot be implied as the Serious Organised Crime Agency and police would not have allowed it, being likely prejudicial to the exercise of their investigative powers.107 Indeed, implied terms should be inserted in banking contracts that allow banks to suspend their contractual duties to perform transactions when complying with anti-money laundering regulations. Shah’s case may have been looked at unfavourably due to the widely framed duty of accountability sought, and his demonstrated hostility against several named employees in HSBC plc. Further, the non-disclosure of information by the bank was judged not to have caused Shah’s losses as the losses were directly caused by the Zimbabwean authorities’ actions that were unrelated to the bank’s conduct. It is queried whether disclosure duties of a narrower nature could find favour with courts.
In sum, the protection of bank employees for raising a suspicious transaction report is comprehensive as compliance with regulation overrode contractual duties and the court has not been willing to imply duties of disclosure to the customer afterward. We now turn to the nature of the obligation to make suspicious transaction reports.
14.4.1 Suspicious transactions reports/authorised disclosures
Persons in the regulated sector (banks, financial institutions, payment services providers) who come across information or any matter within the course of business that raises knowledge, suspicion or reasonable grounds for knowledge or suspicion of money laundering, must make disclosure to a nominated officer or directly to the NCA.108 The nominated officer refers to the MLRO discussed in section 14.5.
Upon receipt of a suspicious transaction report made internally, the nominated officer must consider each report, the grounds for the report, and access all relevant information within the bank or financial institution in order to make a judgment of whether the transaction is reportable to the NCA. To this end a bank or financial institution must ensure that the nominated officer has such access. Where the nominated officer is of the view that a suspicious transaction has occurred, an external report should be made to the NCA109 via a prescribed online system.110 The external report should contain as much useful information relating to the identity of the potential money launderer and the suspected laundered proceeds as far as is possible.111 Where the nominated officer decides not to make the external report, the decision must be documented with reasons.112 Failure to make such reports as soon as is practicable may render the persons above liable for a criminal offence under s330-332 of the Proceeds of Crime Act regime.
Further, any person who may be involved in ‘concealing’ or ‘acquiring, retaining, using or controlling’ criminal property, or involved in arrangements that facilitate the above could avoid liability if such a person made an ‘authorised disclosure’.113 Authorised disclosures are made to a constable, customs officer, NCA or nominated officer in a regulated institution.114
14.4.1.1 Meaning of knowledge and suspicion
As suspicious transaction reports and authorised disclosures are made on the basis of ‘knowledge’, ‘suspicion’ or ‘reasonable grounds for raising suspicion’, it is queried whether the bank’s exercise of discretion to report can be challenged.
‘Knowledge’ is explained as actual knowledge of facts or inferred from facts that bank or financial institutions staff come across in the course of business.115 Suspicion is more subjective in quality and falls short of firm evidence.116 However, suspicion is not mere speculation and needs to be founded on some basis, but such basis need not be objectively required to be reasonable or firm.
In K v National Westminster Bank Plc above, the aggrieved customer challenged the bank’s basis for ‘suspicion’ but the court held that suspicion is a subjective state of mind, and that the bank’s suspicion, as long as it is more than a fanciful supposition, is a valid one and cannot be questioned. This position was affirmed in Shah v HSBC Plc,117 adding that any previous case law that demanded that ‘suspicion’ had to be ‘settled’ is undue.
Certain persons are exempted from the obligation to make suspicious transaction reports, largely due to their obligations as professionals or circumstances of privilege. These are lawyers, accountants, auditors, and tax advisers.118
14.4.2 The need for NCA’s ‘consent’ to proceed if a suspicious transaction report is made
After a suspicious transaction report has been made, the bank is unable to proceed with the customer’s transaction unless ‘appropriate consent’ under ss335 and 336 of the Proceeds of Crime Act 2002 has been obtained. ‘Appropriate consent’ can be obtained expressly, or be presumed after the lapse of 7 working days from the date of the report, and the NCA has not refused consent. If the NCA refuses consent within the 7 working days from the date of report, then the transaction is held for a moratorium period of 31 working days. The moratorium period is the period in which the NCA carries out its investigations. Before the expiry of the period, the NCA may raise the need to extend the moratorium if the preceding 31 days have not provided sufficient time for the NCA to complete its investigations. The Criminal Finances Act 2017119 now permits a senior officer from the NCA to request the court for an extension of the moratorium period. The court may make multiple extension orders, but each one should only be for 31 working days from when the moratorium period ought to have ended. The court’s power to extend the moratorium periods is, however, capped at a total of 186 working days for the moratorium period. In the absence of the NCA’s request for extension and at the lapse of a 31-day period, the bank may presume that ‘appropriate consent’ is achieved and proceed with the transaction.
Where the NCA refuses consent for the customer’s transaction to proceed, it can be envisaged that the customer is held in suspense, and such situations can cause the customer great inconvenience as personal or business accounts may be frozen. In UMBS Online v SOCA,120 UMBS carried on a money remittance business through a number of international currency transfer institutions one of which was the now defunct Laiki Bank of Cyprus. Laiki Bank made a suspicious transaction report against UMBS that caused UMBS’ transfers to be suspended. Within 7 working days, SOCA refused consent to proceed, which was very damaging to UMBS’ business. UMBS requested SOCA to review the decision but SOCA refused, citing that the moratorium period would last 31 days. UMBS then challenged SOCA’s refusal to review under judicial review proceedings. These failed as the High Court held that SOCA’s decision was not reviewable under legislation. On appeal, the Court of Appeal disagreed that SOCA’s decision was not reviewable and remitted back to the High Court to hear the review. It, however, opined that SOCA needed to keep records of their reasons in refusing consent and should give consent where there is no longer any good reason to hold the transaction.121
Now that the moratorium period is raised in favour of the NCA, it is hoped that the NCA would also put in place formal complaint and review mechanisms for individuals and businesses affected. The Court of Appeal’s stance in holding that the agency’s decisions have to be reasoned and documented and may be subject to review, is a welcome safeguard against the vast powers of the NCA.
14.4.3 Tipping off offence
The NCA’s power to effectively investigate suspicious transactions is further protected by secrecy duties imposed under the Proceeds of Crime Act 2002. If a bank is unable to carry out a transaction within its normal promptness, this may highlight to the customer concerned that a suspicious transaction report has been made. If customers have such knowledge and take steps to re-arrange their financial affairs in such a way as to obstruct the NCA’s investigations, the NCA’s investigations would be prejudiced. Hence, the UK and EU have maintained a regime that prohibits ‘tipping off’ by persons where suspicious transaction reports have been made.122 The Proceeds of Crime Act 2002 makes it an offence for any person to disclose to another that either a suspicious transaction report has been made or that investigations into money laundering are contemplated or underway,123 if the information is obtained in the course of business in the regulated sector and disclosure is likely to prejudice any investigation into the matter.
The tipping off offence often puts banks in a difficult position after they have initiated a suspicious transaction report. This is because the bank’s client would presumably be anxious as to the delay in the execution of the transaction, but the bank is unable to inform the client what the cause is for the delay. In Squirrell Ltd v National Westminster Bank Plc and HM Customs & Excise (Intervenor),124 a case related to the same facts in K v National Westminster Bank Plc discussed earlier, the customer whose account was frozen while the bank waited for the lapse of 7 working days or for SOCA to refuse consent challenged the bank for failure to explain why the transactions were being held. The court held that the bank had to comply with the reporting obligations upon suspicion of money laundering and was also prohibited from disclosing to its client the state of affairs. The bank was in an unenviable position but such conduct could not be impeached.
However, the 2007 amendments to the UK regime provided for a white list of disclosures that would not be regarded as tipping off. The provisions clarified that disclosures within the same firm or group are not to be treated as tipping off.125 This is necessary to enable different personnel in the firm to deal with internal control, advice, or training. Further, disclosures made between financial institutions and between professional advisers are also protected from the tipping off offence126 if made for the purpose of preventing a money laundering or terrorist financing offence, and the relevant institution or adviser is situated in an EEA country and is subject to equivalent duties in confidentiality and personal data protection. Disclosures made to authorities for the purposes of assisting investigation or enforcement are also protected.127
Banks are required to carry out suspicious transactions reports if there is knowledge, suspicion, or reasonable grounds to suspect money laundering.
Knowledge refers to actual knowledge of facts or knowledge inferred from facts but suspicion is more subjective in nature and requires some form of a basis although such basis need not be objectively ascertained.
Suspicious transaction reports are first carried out internally to the MLRO discussed in section 14.5. The Officer may then externally report this to the NCA.
If a suspicious transaction report is made, the transaction may proceed after a lapse of 7 working days if the NCA does not refuse consent to its proceeding.
The NCA may refuse consent within 7 working days in which case a moratorium period of up to 31 days applies for the NCA to carry out investigations while the transaction is suspended.
Customers are unlikely to successfully seek redress from banks for failing to carry out transactions.
Further, banks are prohibited from disclosing to customers the nature of the delay in their executions in order not to prejudice NCA investigations. This is the essence of the offence of ‘tipping off’.
Judicial review may be sought for the NCA’s decisions.
Criminal Finances Act 2017 amending the Proceeds of Crime Act 2002
Issacs, M, ‘Money Laundering: Further Guidance for Banks on What to Do When Faced with Conflicting Duties Following a Suspicious Transaction Report: The N2J Case’ (2006) Journal of International Banking Law and Regulation 431
Ryder, N, Money Laundering—An Endless Cycle?: A Comparative Analysis of the Anti-Money Laundering Policies in the United States of America, the United Kingdom, Australia and Canada (Oxford: Routledge 2012)
14.5 Internal control and governance
Banks and financial institutions need to ensure that they have in place systems and procedures to consistently and effectively implement the duties of due diligence and suspicious transaction reporting discussed above. Overall, banks and financial institutions are required to install and maintain an organisational framework or architecture for such compliance. To this end, the FCA128 has established procedural and governance rules for banks. In general, banks and financial institutions are to put in place adequate policies and systems proportionate to the nature, scale, size, and complexity of their businesses and in accordance with the nature and range of financial products and services they engage in.129 We turn first to the governance requirements imposed by the FCA, followed by the procedural requirements. The governance requirements relate to the organisation of responsibility for implementing, overseeing, and reviewing compliance policies and procedures within the bank or financial institution.
14.5.1 Governance
The FCA mandates that a director or senior manager of the bank or financial institution130 has overall responsibility for maintaining the policies and systems for compliance with anti-money laundering and counter-terrorist financing regulation. Where a bank or financial institution group is concerned, anti-money laundering and counter-terrorist financing policies are to be maintained on a group-wide basis. The policies must be documented, as this will ensure due dissemination to the rest of the firm for effective and consistent implementation, and for training and awareness purposes.131
Reposing the ultimate responsibility for maintaining compliance systems and procedures in a director or senior manager ensures that the need for compliance and its implementation is directed at the highest levels of authority in the bank or financial institution, and that oversight is carried out at such levels. As putting in place compliance systems and procedures is necessarily costly and would inevitably interfere with business, banks and financial institutions may not be motivated to implement such systems and procedures effectively. The imposition of potential personal liability on a director or senior manager for failure to implement effective systems and procedures is arguably a compelling incentive for directors and senior managers tasked with this responsibility. The personal liability regime for senior managers is discussed in Chapter 12, and the earlier example of FCA enforcement against Bank Habib AG Zurich mentioned in section 14.2 shows that the FCA is willing to punish individuals, in that case the Money Laundering Reporting Officer, for failures to effectively implement compliance systems and procedures.
Further, a specific MLRO must be designated in the bank or financial institution unless the firm is a sole trader. The MLRO acts as a focal point for the anti-money laundering and counter-terrorist financing compliance in the firm and has oversight for effective implementation of systems and procedures.132 The MLRO is also likely to be the one carrying out the functions of ‘nominated officer’ discussed above in relation to receiving internal suspicious transaction reports and to making the judgment call of whether to make an external report to the NCA or otherwise. This person may be the same as or different from the responsible ‘director or senior manager’ mentioned above, and where the MLRO is a different person, there would likely be a line of accountability to the director or senior manager so that the MLRO’s roles and functions can be overseen.
The MLRO is to be given sufficient stature in the firm, and protected in his/her independence. S/he is also to be adequately resourced.133 Further, the MLRO is responsible for preparing an annual report of the oversight of compliance to senior management, in order for review and improvement to be implemented.134 We turn to discuss the regulatory requirements for systems and procedures for compliance and their effectiveness.
14.5.2 Systems and procedures
Compliance systems and procedures in relation to anti-money laundering and counter-terrorist financing involve data collection, analysis and processing systems, alerting for action, reporting and review. Banks and financial institutions are subject to extensive record-keeping duties, and the information in these records forms the basis for compliance systems and procedures. Banks and financial institutions are required to maintain the following records:
- Information for conducting customer due diligence including deviations from normal due diligence procedures such as for financially excluded customers.135
- Supporting information for customer transactions that are the subject of customer due diligence or ongoing monitoring.136
- All actions taken to identify beneficial owners of bodies corporate.137
- All internal reports made to the MLRO whether or not acted upon to be reported to the NCA, with reasons documented for not acting upon the internal report.138
- All external reports made to the NCA.139
- All MLRO annual reports on oversight of compliance systems and procedures.140
- All internal records of training for compliance with systems and procedures for staff.141
Due diligence and transaction records are to be maintained for 5 years from the completion of transaction or end of business relationship.142 Other records such as internal and external reports or internal records of annual reports or training records should be maintained for 5 years from the date of each record.143 Records can be kept in paper copies or in electronic form,144 but the overriding factor that may assist in determining how and where records are to be kept is whether such records can be accessed without undue delay in order for banks and financial institutions to perform due diligence, ongoing review, or transaction reporting.145
The use of automated systems may to an extent be important in assisting banks and financial institutions in meeting their compliance requirements.
First, banks and financial institutions are required to keep customer information up-to-date as part of ongoing customer due diligence. The use of automation can assist banks and financial institutions in identifying significant points in time for seeking new customer information or evidence, such as the establishment of a new business relationship or opening of new accounts.146
Next, banks and financial institutions are to maintain systems and procedures for monitoring customers. Such monitoring is for the purpose of ensuring that transactions fit the risk profiles of customers, and for detecting unusual or suspicious transactions so that appropriate determination can be made as to internal and external reporting. Monitoring systems should be capable of both real-time monitoring as well as periodic reviews after customer transactions have taken place. Both types of monitoring should be capable of leading to the flagging up of suspicious transactions.147 Monitoring should not be a mechanical process: banks should adopt indicators for review that are based on customers’ risk profiles and up-to-date information, following a risk-based approach.
Further, banks and financial institutions should explore both manual and automated systems in different combinations in order to carry out monitoring. Where banks and financial institutions process a significant volume of transactions, some extent of automation in applying monitoring procedures would likely be necessary.148 Automated systems may be simple or sophisticated along a spectrum of artificial intelligence, and they may be configured with parameters for the bank’s needs in order to flag up suspicious or unusual transactions. Banks and financial institutions need to ensure that where they purchase such automated systems from commercial suppliers, the suppliers are able to calibrate the systems according to the bank’s needs. Banks and financial institutions that procure and use automated systems should also understand how the systems work in terms of the assumptions and parameters they implement and whether they may be intelligent enough to learn from past experience.149 Manual processes can be more effective when human judgment is needed such as ‘staff intuition, direct exposure to a customer face-to-face or on the telephone, and the ability, through practical experience, to recognise transactions that do not seem to make sense for that customer.’150 Hence it is important for banks and financial institutions to maintain appropriate compliance training151 for relevant staff in order to sustain staff alertness to suspicious transactions. Such compliance training should also be subject to a systematic approach to ensure that all relevant staff are adequately equipped to manage money laundering and terrorist financing risks and comply with the duties imposed on banks and financial institutions.
Systems and procedures in relation to anti-money laundering and counter-terrorist financing are subject to review by internal audit according to the latter’s role and responsibility discussed in Chapter 12, as well as by senior management, as earlier discussed.
14.5.3 FCA enforcement
Although the requirements in relation to systems and procedures sound highly procedural, they have formed the basis of much of the FCA’s enforcement against banks and financial institutions. The FCA can carry out enforcement against banks and financial institutions for failing to put in place adequate governance, systems, or procedures even if there is no substantive finding of money laundering or support for terrorist financing. This is because the failure to maintain adequate systems and procedures could result in significantly increased risk that money laundering is facilitated and undetected. The failure to maintain such systems and procedures often entails a breach of the duty to conduct customer due diligence or to make a transaction report, as the ability to conduct customer due diligence or make transaction reports is highly dependent on the effectiveness of systems and procedures.
The FCA has fined several banks for failing to maintain adequate systems and controls in relation to customer due diligence, especially in relation to enhanced due diligence, identification, and risk-monitoring of high-risk customers and PEPs. The private bank Coutts was fined £8.75 million152 in 2010 for failings in this regard, and Standard Bank Plc153 was fined in 2014 in the sum of £7.6 million for similar types of failings. Lesser fines of over £500,000 were levied on Habib Bank AG Zurich154 in 2012 and Guaranty Trust Bank (UK) in 2013155 for similar failings. In 2016, the FCA levied a £3.2 million fine on Sonali Bank (UK) for failures in governance such as adequate senior management oversight, failings in the MLRO’s functions and overall weak systems for customer due diligence and monitoring.156 The MLRO was personally fined in the sum of £17,900 under the personal liability regime discussed in Chapter 11. The largest fine to date was, however, levied on Deutsche Bank in 2017 in the sum of £163 million.157 Box 14.7 encapsulates the enforcement case.
Box 14.7 FCA fine against Deutsche Bank for failings in anti-money laundering compliance
Deutsche Bank’s Corporate Banking and Securities division (CB&S) in the UK was alleged to have:
- performed inadequate customer due diligence;
- failed to ensure that its front office took responsibility for the due diligence obligations;
- had deficient anti-money laundering policies and procedures;
- had an inadequate anti-money laundering IT infrastructure;
- lacked automated anti-money laundering systems for detecting suspicious trades; and
- failed to provide adequate oversight of trades booked in the UK by traders in non-UK jurisdictions.
As a result of these failings the FCA took the view that:
Deutsche Bank failed to obtain sufficient information about its customers to inform the risk assessment process and to provide a basis for transaction monitoring. The failings allowed the front office of Deutsche Bank’s Russia-based subsidiary (DB Moscow) to execute more than 2,400 pairs of trades that mirrored each other (mirror trades) between April 2012 and October 2014. The mirror trades were used by customers of Deutsche Bank and DB Moscow to transfer more than $6 billion from Russia, through Deutsche Bank in the UK, to overseas bank accounts, including in Cyprus, Estonia, and Latvia. The customers on the Moscow and London sides of the mirror trades were connected to each other and the volume and value of the securities was the same on both sides. The purpose of the mirror trades was the conversion of Roubles into US Dollars and the covert transfer of those funds out of Russia, which is highly suggestive of financial crime.
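The mirror-trade pattern described in this box, written as a periodic post-transaction review rule. This is an added example, not code from the FCA, Deutsche Bank or the authors; the trade fields, the `owner_group` mapping of connected customers, the one-day window, the 1% value tolerance and the sample trades are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Trade:
    trade_id: str
    booked_at: datetime
    desk: str         # booking location
    customer: str
    side: str         # "BUY" or "SELL", from the customer's side
    security: str
    quantity: int
    value_usd: float  # notional normalised to USD (assumed to come from the booking system)
    currency: str     # settlement currency


def find_mirror_pairs(trades, owner_group, window=timedelta(days=1), tolerance=0.01):
    """Pair a buy on one desk with a sell on another desk when the security,
    quantity and value match, the settlement currencies differ, the bookings
    fall inside `window`, and both customers share a beneficial-owner group."""
    buckets = defaultdict(list)
    for t in trades:
        buckets[(t.security, t.quantity)].append(t)

    pairs, used_sells = [], set()
    for bucket in buckets.values():
        buys = sorted((t for t in bucket if t.side == "BUY"), key=lambda t: t.booked_at)
        sells = sorted((t for t in bucket if t.side == "SELL"), key=lambda t: t.booked_at)
        for buy in buys:
            group = owner_group.get(buy.customer)
            if group is None:
                continue  # ownership unknown: a due diligence gap, not a match
            for sell in sells:
                if sell.trade_id in used_sells:
                    continue
                if sell.desk == buy.desk or sell.currency == buy.currency:
                    continue
                if abs(sell.booked_at - buy.booked_at) > window:
                    continue
                if abs(sell.value_usd - buy.value_usd) > tolerance * buy.value_usd:
                    continue
                if owner_group.get(sell.customer) != group:
                    continue
                pairs.append((buy, sell, group))
                used_sells.add(sell.trade_id)
                break
    return pairs


def summarise(pairs, min_pairs=2):
    """Periodic review: total the pairs per connected group and keep only the
    groups that repeat the pattern at least `min_pairs` times."""
    totals = defaultdict(lambda: {"pairs": 0, "value_usd": 0.0})
    for buy, _sell, group in pairs:
        totals[group]["pairs"] += 1
        totals[group]["value_usd"] += buy.value_usd
    return {g: v for g, v in totals.items() if v["pairs"] >= min_pairs}


def _t(tid, when, desk, cust, side, sec, qty, val, ccy):
    return Trade(tid, datetime.fromisoformat(when), desk, cust, side, sec, qty, val, ccy)


# Constructed sample data: no real customers, securities or trades.
OWNER_GROUP = {"CUST_A": "G1", "CUST_B": "G1", "CUST_C": "G2", "CUST_D": "G3"}
SAMPLE_TRADES = [
    _t("T1", "2014-03-03T10:00", "MOSCOW", "CUST_A", "BUY", "XYZ", 10000, 150000.0, "RUB"),
    _t("T2", "2014-03-03T11:30", "LONDON", "CUST_B", "SELL", "XYZ", 10000, 150200.0, "USD"),
    _t("T3", "2014-03-04T09:00", "MOSCOW", "CUST_A", "BUY", "ABC", 5000, 80000.0, "RUB"),
    _t("T4", "2014-03-04T09:45", "LONDON", "CUST_B", "SELL", "ABC", 5000, 80000.0, "USD"),
    # Same shape as T1/T2, but the two customers are not connected.
    _t("T5", "2014-03-03T10:05", "MOSCOW", "CUST_C", "BUY", "XYZ", 10000, 150000.0, "RUB"),
    _t("T6", "2014-03-03T12:00", "LONDON", "CUST_D", "SELL", "XYZ", 10000, 150000.0, "USD"),
    # Connected customers, but the two legs are a week apart.
    _t("T7", "2014-03-05T10:00", "MOSCOW", "CUST_A", "BUY", "DEF", 2000, 40000.0, "RUB"),
    _t("T8", "2014-03-12T10:00", "LONDON", "CUST_B", "SELL", "DEF", 2000, 40000.0, "USD"),
]

if __name__ == "__main__":
    for group, stats in summarise(find_mirror_pairs(SAMPLE_TRADES, OWNER_GROUP)).items():
        print(group, stats)
```

The rule only works if `owner_group` is populated, and that mapping is customer due diligence data: where connected customers have not been identified, the two legs look like unrelated trades and nothing is flagged.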
- Banks are to ensure that anti-money laundering and counter-terrorist financing policies are maintained at the level of a director or senior manager who has personal responsibility in the terms discussed in Chapter 11.
- Banks are to appoint an MLRO for oversight of the implementation of effective anti-money laundering and counter-terrorist financing systems and procedures.
- Banks must put in place adequate systems and procedures for dealing with the duties in customer due diligence, monitoring and review, transaction reporting, training, and education of staff, generating reports to senior management, record retention, and day-to-day operations where money laundering risks feature.
- These systems and procedures should be able to perform both real-time and periodic post-transaction review, and should be a combination of automated and manual systems and procedures where appropriate. The fine against Deutsche Bank seems to suggest that where automated systems may be useful, not installing them can be regarded as a failure to implement effective systems and procedures, attracting FCA enforcement.
- The FCA is the principal enforcer of breaches of duties in customer due diligence, monitoring and review, and transaction reporting, as well as failures to implement and maintain adequate systems and procedures. The FCA has fined a number of banks to date, including Deutsche Bank.
FCA Handbook SYSC 6
Angela SM Irwin and Kim-Kwang Raymond Choo, ‘The Future of Technology in Customer Identification & Relationship Risk’ (2014) at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2431944
Critically evaluate the obligations imposed on banks in respect of their role in financial intelligence relating to money laundering. Are bank customers adequately protected when a bank makes a suspicious transaction report?
Answer tips You may wish to discuss the obligations for a bank under ss330–2 and the effect of suspension of customer transactions pending appropriate consent under ss335–6 Proceeds of Crime Act 2002. You should discuss to what extent customers can challenge bank decisions or call banks to accountability, in light of the s333 tipping off offence. You should also assess if judicial review is available against the NCA. You should refer to key case law in this area.
Should banks be fined heavily for breaches of procedural requirements that are preventive in nature, whether or not money laundering has indeed occurred?
Answer tips You may wish to provide an overview of the procedural requirements in due diligence, reporting of suspicious transactions and the implementation of systems and procedures. While bearing in mind the high-level nature of this question and the need to be succinct with selective detail, you should discuss what you consider to be the spirit of such preventive measures and how they relate to disrupting the money laundering process. You may also discuss key enforcement cases such as the Deutsche Bank fine.
1 AVM Leong, ‘Anti-money Laundering Measures in the UK’ (2007) Company Lawyer 35.
2 Sections 327–9, Proceeds of Crime Act 2002.
3 Section 329, Proceeds of Crime Act 2002.
4 Section 328, Proceeds of Crime Act 2002.
5 Section 327, Proceeds of Crime Act 2002.
6  2 Cr. App. R. 37.
7 Section 18, Terrorism Act 2000.
8 Section 14, Terrorism Act 2000.
11 At http://www.fatf-gafi.org/media/fatf/documents/reports/FATF%20Standards%20-%20IX%20Special%20Recommendations%20and%20IN%20rc.pdf.
12 FATF, International Standards on Combatting Money Laundering and the Financing of Terrorism and Proliferation (2012) at http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF_Recommendations.pdf.
13 FATF, Procedures for the FATF Fourth Round of AML/CFT Mutual Evaluations (October 2013) at http://www.fatf-gafi.org/media/fatf/documents/methodology/FATF-4th-Round-Procedures.pdf.
14 See http://www.fatf-gafi.org/publications/high-riskandnon-cooperativejurisdictions/?hf=10&b=0&s=desc(fatf_releasedate).
15 The Unique Transaction Identifier is a technical standard developed by CPMI and IOSCO jointly, see CPMI and IOSCO, Technical Guidance: Harmonisation of the Unique Transaction Identifier (2017) and the FSB’s supporting framework for this in Governance Arrangements for the Unique Transaction Identifier (Dec 2017) at http://www.fsb.org/2018/01/fsb-publishes-governance-arrangements-and-implementation-plan-for-the-unique-transaction-identifier-uti/.
16 The substantive law in relation to these will not be covered in this book but students should be aware of the wider scope of financial crime in general, where corporations are the main agents involved. See https://www.interpol.int/Crime-areas/Cybercrime/Research; OECD, OECD Convention on Combatting Bribery of Foreign Public Officials in International Business Transactions (2009); Implementing the Tax Transparency Standards: A Handbook for Assessors and Jurisdictions (2010) and Convention on Mutual Administrative Assistance in Tax Matters (2017).
17 Commission Directive on Money Laundering 2006; Wire Transfer Regulations 2006 (Regulation (EC) No 1781/2006 of the European Parliament and of the Council of 15 November 2006) and Cash Control Regulations 2005 (Regulation (EC) No 1889/2005). These have now been consolidated and superseded.
18 Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.
19 Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006.
20 See ‘Statement by First Vice-President Timmermans, Vice-President Dombrovskis and Commissioner Jourová on the adoption by the European Parliament of the 5th Anti-Money Laundering Directive’ (19 April 2018), pending publication in the Official Journal.
21 Joint Committee, Preliminary Report on Anti-Money Laundering and Counter Financing of Terrorism Risk Based Supervision (October 2013) at https://www.eba.europa.eu/documents/10180/16145/JC-2013-72+%28Report+on+Risk+Based+Supervision%29.pdf.
22 For example, see Joint Committee, Joint Opinion on the Risks of Money Laundering and Terrorist Financing Affecting the Union’s Financial Sector (20 February 2017) at https://www.eba.europa.eu/documents/10180/1759750/ESAS+Joint+Opinion+on+the+risks+of+money+laundering+and+terrorist+financing+affecting+the+Union%E2%80%99s+financial+sector+%28JC-2017-07%29.pdf.
23 Such as the development of technical standards for central counterparties in combatting financial crime risks, see https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-e-money/rts-on-ccp-to-strengthen-fight-against-financial-crime.
24 See EBA, Joint Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on simplified and enhanced customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (June 2017) at https://www.eba.europa.eu/documents/10180/1890686/Final+Guidelines+on+Risk+Factors+%28JC+2017+37%29.pdf. Substantive issues will be discussed in section 14.3.
25 HM Treasury, Money Laundering Regulations 2017: A Consultation (15 March 2017) at https://www.gov.uk/government/consultations/money-laundering-regulations-2017. Section 15(3) of the Money Laundering Regulations 2017.
26 S15(3), Money Laundering Regulations 2017.
27 See, for example, Home Office and HM Treasury, Action Plan for Anti-Money Laundering and Counter-Terrorist Finance (April 2016) at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/517993/6-2118-Action_Plan_for_Anti-Money_Laundering__print_.pdf.
28 NAO, The Assets Recovery Agency (21 February 2007) at https://www.nao.org.uk/wp-content/uploads/2007/02/0607253.pdf.
29 For example, see NCA, High End Money Laundering: Strategy and Action Plan (October 2014) at http://www.nationalcrimeagency.gov.uk/publications/625-high-end-money-laundering-strategy/file.
30 EBA, On the Characteristics of a Risk-Based Approach to Anti-Money Laundering and Terrorist Financing Supervision, and the Steps to be Taken When Conducting Supervision on a Risk-Sensitive Basis (16 November 2016) at https://www.eba.europa.eu/documents/10180/1663861/Joint+Guidelines+on+Risk-Based+Supervision+%28ESAS+2016+72%29.pdf/7159758d-8337-499e-8b12-e34911f9b4b6.
31 NCA, The NCA Commitment to Working in Partnership with UK Operational Partners (August 2015) at http://www.nationalcrimeagency.gov.uk/publications/178-the-nca-commitment-to-working-in-partnership-with-uk-operational-partners/file, esp. at Annex A.
32 ‘HSBC money laundering report: Key findings’ BBC News (11 December 2012).
33 ‘StanChart faces extension of U.S. money-laundering vigilance’ Reuters (2 September 2016).
34 ‘Deutsche Bank fined $630 million over Russia money laundering claims’ The Guardian (31 January 2017).
35 See mandate of the Money Laundering and Asset Recovery Section of the Department of Justice to be committed to pursuing multi-district, international money laundering offences, at https://www.justice.gov/criminal-mlars.
36 These are covered in s338, Proceeds of Crime Act 2002; s21A Terrorism Act 2000 in relation to reporting. In relation to internal control procedures, see FCA Handbook SYSC 6 and the Joint Money Laundering Steering Committee Guidelines, both to be discussed in section 14.5; and in relation to due diligence see Articles 11–20 of the Fourth Anti-money Laundering Directive 2015.
37 FCA, Thematic Review: Banks’ Control of Financial Crime Risks in Trade Finance (July 2013) at https://www.fca.org.uk/publications/thematic-reviews/tr13-3-banks%E2%80%99-control-financial-crime-risks-trade-finance.
38 FCA, Report: Banks’ Management of High Money Laundering Risks (June 2011) at http://www.fsa.gov.uk/pubs/other/aml_final_report.pdf.
39 FCA, Thematic Review: Anti-Money Laundering and Anti-Bribery and Corruption Systems and Controls: Asset Management and Platform Firms (Aug 2015), at https://www.fca.org.uk/publications/thematic-reviews/tr13-9-anti-money-laundering-and-anti-bribery-and-corruption-systems.
41 Payment Services Regulations 2017, transposing the EU Payment Services Directive 2 (2015). These require the existence of appropriate internal control to form part of the basis for authorisation.
43 ‘NCA warns on company abuse of money-laundering checks’ Financial Times (12 October 2015).
44 Discussed in HM Treasury, Money Laundering Regulations 2017: A Consultation (15 March 2017) at https://www.gov.uk/government/consultations/money-laundering-regulations-2017.
45 Home Office and HM Treasury, Action Plan for Anti-Money Laundering and Counter-Terrorist Finance (April 2016) at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/517993/6-2118-Action_Plan_for_Anti-Money_Laundering__print_.pdf.
46 OPBAS Sourcebook, at https://fca.org.uk/publication/opbas/opbas-sourcebook.pdf.
48 Regulations 19, 21, 24, 35, 48, 76 and 86, Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
49 See http://www.jmlsg.org.uk/industry-guidance/article/jmlsg-guidance-current on the most recent approved version.
50 Article 10 of the AML Directive 2015 prohibits anonymous accounts from being opened or serviced.
51 Section 4, Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (Money Laundering Regulations 2017).
52 Section 3, Money Laundering Regulations 2017.
53 Section 5, Money Laundering Regulations 2017.
54 Section 6, Money Laundering Regulations 2017.
55 Section 30(2), Money Laundering Regulations 2017.
56 Article 14(3) AML Directive 2015, s30(4), Money Laundering Regulations 2017.
57 Article 14(2), AML Directive 2015, s30(3), Money Laundering Regulations 2017.
58 Article 12, AML Directive 2015. Member States can increase the maximum payment instrument threshold to €500.
59 HM Treasury, Money Laundering Regulations 2017: A Consultation (15 March 2017) at https://www.gov.uk/government/consultations/money-laundering-regulations-2017, s38, Money Laundering Regulations 2017.
60 Article 14(5), AML Directive 2015 and para 108, EBA, Joint Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on simplified and enhanced customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (June 2017) at https://www.eba.europa.eu/documents/10180/1890686/Final+Guidelines+on+Risk+Factors+%28JC+2017+37%29.pdf. (Joint Guidelines 2017.)
61 Article 13, AML Directive 2015, s28, Money Laundering Regulations 2017.
62 Para 5.3.31, JMLSG Guidance.
63 Paras 5.3.39–53, JMLSG Guidance.
64 Paras 15–16, Joint Guidelines 2017.
65 Paras 5.3.108–125, JMLSG Guidance.
66 Section 28, Money Laundering Regulations 2017.
68 Paras 5.3.79–84, JMLSG Guidance.
69 Section 18, Money Laundering Regulations 2017.
70 Paras 18–33, Joint Guidelines 2017.
71 Paras 36–9, Joint Guidelines 2017.
72 Para 5.3.24, JMLSG Guidance.
73 Commission Delegated Regulation (EU) 2016/1675 of 14 July 2016 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council by identifying high-risk third countries with strategic deficiencies.
74 The widening of payment services is permitted in the Payment Services Directive 2, Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.
75 Payments under €1,000 may be exempted from the stringent requirement to comply with obtaining all payor and payee information prescribed.
76 Joint Guidelines 2017.
77 Angela SM Irwin and Kim-Kwang Raymond Choo, ‘The Future of Technology in Customer Identification & Relationship Risk’ (2014) at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2431944. Distributed ledger technology is discussed in José Parra-Moyano and Omri Ross, ‘KYC Optimization Using Distributed Ledger Technology’ (2017) at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2897788.
78 FCA Handbook, SYSC 6.3.7.
79 Article 15, AML Directive 2015.
80 Section 37, Money Laundering Regulations 2017.
81 Section 37(4), Money Laundering Regulations 2017.
82 Section 33, Money Laundering Regulations 2017.
83 Defined in Commission Delegated Regulation (EU) 2016/1675 of 14 July 2016 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council by identifying high-risk third countries with strategic deficiencies.
84 This includes family members and known associates of the politically exposed person, Article 23, AML Directive 2015; and for at least 12 months after a politically exposed person has ceased political office, Article 22, AML Directive 2015.
85 Articles 18–23, AML Directive 2015.
86 Section 33(4) and (5), Money Laundering Regulations 2017.
87 Para 107, Joint Guidelines 2017.
88 Para 56, Joint Guidelines 2017.
89 Articles 3 and 24, AML Directive 2015; s34, Money Laundering Regulations 2017.
90 Article 19, AML Directive 2015, s34, Money Laundering Regulations 2017.
91 Article 3, AML Directive 2015.
92 ‘Poor Correspondents’, The Economist (14 June 2014).
93 FATF, FATF Guidance on Correspondent Banking Services (October 2016) at http://www.fatf-gafi.org/media/fatf/documents/reports/Guidance-Correspondent-Banking-Services.pdf.
94 FSB, Action Plan to Assess and Address the Decline in Correspondent Banking (December 2016) at http://www.fsb.org/wp-content/uploads/FSB-action-plan-to-assess-and-address-the-decline-in-correspondent-banking.pdf.
95 Such as the Correspondent Banking Due Diligence Questionnaire introduced in early 2018, see http://www.fsb.org/2018/03/bcbs-cpmi-fatf-and-fsb-welcome-industry-initiative-facilitating-correspondent-banking/.
96 The UK government’s initial proposal to include senior members of international sporting federations in the list was not supported and ultimately ditched. See HM Treasury, Money Laundering Regulations 2017: A Consultation (15 March 2017) at https://www.gov.uk/government/consultations/money-laundering-regulations-2017.
97 Articles 20, 21, AML Directive 2015, s34, Money Laundering Regulations 2017.
98 Article 20, AML Directive 2015; s34, Money Laundering Regulations 2017.
99 HM Treasury, Money Laundering Regulations 2017: A Consultation (15 March 2017) at https://www.gov.uk/government/consultations/money-laundering-regulations-2017; Schedule 3, s7, Money Laundering Regulations 2017.
100 Consistent with the FATF Standards and Article 32, AML Directive 2015.
101 Articles 33 and 34, AML Directive 2015, s330, Proceeds of Crime Act 2002.
102 Articles 36 and 37, AML Directive.
103 Section 337.
104  EWCA Civ 1039.
105  EWHC 1283 (QB).
106  EWCA Civ 31.
108 Section 330, Proceeds of Crime Act 2002.
109 Sections 331–2, Proceeds of Crime Act 2002.
110 Para 6.35, JMLSG Guidance.
111 Paras 3.21–27, 6.3 JMLSG Guidance.
112 Para 6.32, JMLSG Guidance.
113 Sections 327–9, Proceeds of Crime Act 2002.
114 Section 338, Proceeds of Crime Act 2002.
115 Para 6.10, JMLSG Guidance.
116 Para 6.11, JMLSG Guidance.
117  EWHC 1283 (QB).
118 Section 330 Proceeds of Crime Act 2002 amended as of 2006, and Article 34(2), AML Directive 2015.
119 Section 336A–D, Proceeds of Crime Act 2002 amended by the Criminal Finances Act 2017.
120  Bus LR 1317.
121 UMBS Online Ltd v SOCA  EWCA Civ 406.
122 Section 333, Proceeds of Crime Act 2002 and Article 39, AML Directive 2015.
123 Section 333A, Proceeds of Crime Act 2002 amended in 2007.
124  EWHC 664 (Ch).
125 Section 333B, Proceeds of Crime Act 2002 amended in 2007.
126 Section 333C, Proceeds of Crime Act 2002 amended in 2007.
127 Section 333D, Proceeds of Crime Act 2002 amended in 2007.
128 Largely to be found in FCA Handbook SYSC 6. The need for adequate policies and control is also stated in Article 46, AML Directive 2015.
129 FCA Handbook SYSC 6.1.2.
130 FCA Handbook SYSC 6.3.8.
131 FCA Handbook SYSC 6.3.7.
132 FCA Handbook SYSC 6.3.9.
133 FCA Handbook SYSC 6.3.9.
134 FCA Handbook SYSC 6.3.7.
135 Section 40, Money Laundering Regulations 2017; para 8.9, JMLSG Guidance.
137 Section 28, Money Laundering Regulations 2017.
138 Para 8.21, JMLSG Guidance.
139 Para 8.22, JMLSG Guidance.
140 Para 8.24, JMLSG Guidance.
142 Section 40, Money Laundering Regulations 2017, which specifies that records are not required to be kept in any case exceeding 10 years.
143 Para 8.23, JMLSG Guidance.
144 Para 8.26, JMLSG Guidance.
145 Paras 8.29–33, JMLSG Guidance.
146 Paras 5.3.27–28, JMLSG Guidance.
147 Paras 5.7.4–8, JMLSG Guidance.
148 Para 5.7.16, JMLSG Guidance.
149 Paras 5.7.15–19, JMLSG Guidance.
150 Para 5.7.14, JMLSG Guidance.
151 FCA Handbook SYSC 6.3.7.
152 See http://www.fsa.gov.uk/library/communication/pr/2012/032.shtml.
156 ‘The FCA found serious and systemic weaknesses affected almost all levels of its AML control and governance structure, including its senior management team, its money laundering reporting function, the oversight of its branches and its AML policies and procedures. This meant that the firm failed to comply with its operational obligations in respect of customer due diligence, the identification and treatment of politically exposed persons, transaction and customer monitoring and making suspicious activity reports.’ See https://www.fca.org.uk/news/press-releases/fca-imposes-penalties-sonali-bank-uk-limited-money-laundering.