The first ever UK criminal prosecution of a financial institution for failures in money laundering recently concluded with Nat West being fined £264.8m.
The sentencing judge (Mrs Justice Cockerill) cited three offences committed in the period between 8 Nov 2012 and 23 Jun 2016: –
• Failing to conduct ongoing monitoring of a business relationship;
• Failing to determine the extent of ongoing monitoring on a risk sensitive basis;
• Failing to apply enhanced ongoing monitoring in a business relationship with Fowler Oldfield which, by its nature, presented a higher risk of money laundering and terrorist financing.
The charges relate specifically to the failure of the bank to properly monitor the activity of a commercial customer, Fowler Oldfield, a jewellery business based in Bradford.
Initially rejected by the bank for being outside the bank’s risk appetite owing to the nature of the business, Fowler Oldfield was eventually taken on in 2011 following resubmission of the application by the NatWest Relationship Manager, supported by further information which, amongst other things, led NatWest to understand that Fowler Oldfield would not handle cash from the Fowler Oldfield business.
Over the course of the customer relationship however, approximately £365m was deposited with the bank, of which around £264m was in cash.
The offending period is over five years ago but many of the issues identified are still valid today. The headlines have been focused on the ‘plastic bags of cash’ and the ‘£1.8 million’ in cash that was being deposited daily at the peak of the laundering which combined with other factors led the sentencing judge to conclude
‘….it must be borne in mind that although in no way complicit in the money laundering which took place, the Bank was functionally vital. Without the Bank – and without the Bank’s failures – the money could not be effectively laundered.’
There are a number of fundamental issues that have featured in this prosecution which emphasise the importance of having an effective financial crime framework.
Understanding the nature and purpose of the business and the financial crime risk that the bank faces
Whilst there was some obfuscation from the relationship manager, an accurate assessment of the risk of the client is essential at the onboarding stage as many of the downstream controls will be triggered by this assessment.
It also demonstrates the need for some level of independence and impartiality in the assessment of the customer risk.
Monitoring of client activity
Monitoring can take many different forms, for example: –
• Direct interaction with the client;
• Staff vigilance;
• Periodic client reviews;
• Event driven reviews;
• Automated transaction monitoring.
There were instances in this case where processes and procedures were either ignored or not followed up. Changes will occur in client activity throughout the course of a relationship especially from those that seek to use a bank as a conduit for laundering the proceeds of crime.
The use of periodic reviews and event driven reviews are essential to identify such changes and challenge the risk classification of the client.
This case also cites the failure of automated transaction monitoring systems to identify suspicious activity, this been a consistent failing which has mentioned in other recent enforcement actions. The FCA specifically mentioned it in their ‘Dear CEO’ letter published earlier this year.
NatWest’s transaction monitoring policy was consistent with industry standards however poor communication; inadequate management of intelligence; lack of access to IT systems for relevant teams; transaction monitoring systems that are not reviewed / updated and a lack of assurance over processes and procedures will render any policy ineffective.
Internal challenge and investigation
During the course of the relationship with Fowler Oldfield, 11 internal money laundering suspicious reports were made and there were 10 alerts from transaction monitoring.
However, to have effective escalation and investigation function, staff need to be suitably trained, have access to all available information and be sufficiently independent to be able to challenge.
In this case, there was an over reliance on the explanations of the relationship manager. Investigators did not have access to the original information on the client and relied on information held on aggregated systems. There was a lack of coordination of information on the client that arose in different parts of the bank but was not tied together or collated centrally.
End to End anti financial crime framework
This judgement further underlines the need to have a coordinated and comprehensive approach to managing the risk of financial crime within financial institutions. Controls that operate in isolation are capable of being circumvented by organised crime groups.
The report specifically states that the failings were in the first line of defence, however the second line are responsible for the oversight of the financial crime framework and Internal Audit are responsible for providing independent assessment of the risk and controls. It is apparent that there were failings across all three lines.
This is the first criminal prosecution of a financial institution under the Money Laundering Regulations and represents a significant escalation of enforcement measures by the UK Regulator. It demonstrates that they have the ability to gather evidence of wrong doing to a criminal standard.
At the present time, no individuals, employed in the regulated sector have been criminally prosecuted for failing to comply with the Money Laundering Regulations, however this first corporate criminal prosecution may lead the way for such actions to be brought in the future.
The full statement of facts is available on the following link:
https://www.judiciary.uk/wp-content/uploads/2021/12/FCA-v-Natwest-Sentencing-remarks-131221.pdf
John Flynn
22 December 2021