The Financial Conduct Authority’s (FCA’s) inaugural use of its criminal money laundering powers under Regulation 45 of the UK Money Laundering Regulations 2007 (MLR) against NatWest is viewed by many as a warning shot to firms within scope of the MLR that the FCA is prepared to utilise its criminal authority in cases that it considers to be serious, including against major financial institutions. 

The FCA has had the ability to exercise its criminal money laundering powers since their introduction to the MLR; however, it had not done so until now. This case marks the FCA’s first criminal prosecution for money laundering offences, as well as the first criminal prosecution against a bank for such offences. Previous FCA enforcement action has focused on monetary penalties in the form of fines for breaches of regulation; the criminal action taken by the FCA therefore signals a new regulatory approach.

Financial institutions should heed the FCA’s most recent warnings and take stock of their AML compliance programs to help ensure they are not the next entity up against enforcement action. 

The FCA has alleged that NatWest failed in its obligation to perform adequate due diligence and ongoing monitoring in relation to a specific corporate relationship, in which around £365 million was deposited into the customer’s account, with £264 million deposited in cash between 2011 and 2016.

The FCA alleges that NatWest’s handling of those deposits failed to adhere to the requirements of Regulations 8(1), 8(3) and 14(1) of the MLR. Regulations 8(1) and 8(3) of the MLR require a relevant person to conduct ongoing monitoring of a business relationship, including keeping up to date the documents, data or information obtained for the purpose of applying customer due diligence measures and the ongoing monitoring of customer due diligence results. Regulation 14(1) MLR relates to enhanced customer due diligence and ongoing monitoring on a risk-sensitive basis, in situations which present a higher risk of money laundering or terrorist financing. If NatWest is convicted of the alleged failings, enforcement action could include an unlimited fine as well as further potential consequences, such as additional scrutiny regarding regulatory decisions for the renewal of various banking authorisations and the awarding of public contracts.

According to Fenergo’s Fines Report 2020, global regulators issued more than $10 billion in anti-money laundering (AML) fines to financial institutions throughout 2020, an increase of 26% over 2019 AML fines. Many of the enforcement actions taken by global regulators in 2020 pertained to repeated procedural shortcomings that regulators have been highlighting for a number of years, namely inadequacies in due diligence, the management of AML control measures and the monitoring of suspicious activity. The warning signs that regulatory tolerance toward lax or unsatisfactory AML controls in financial institutions is near to zero are only amplified by the action taken against NatWest. Financial institutions should take note of the AML failings highlighted in recent regulatory enforcements and safeguard against the existence of such shortcomings in their own institutions, by ensuring that all AML processes and controls are of an effective and high standard.

One of the biggest challenges for financial institutions is effectively utilising the data they hold to identify potential criminality. Institutions often have what they consider to be effective AML controls in place; however, unintentional departmental silos can cause a disconnect between the first and second lines of defence and/or business units, resulting in potential threats inadvertently falling between the cracks. This can lead to situations where individual client activity is reviewed in isolation, without a collective overview of prior activity or consideration of the known customer profile. Ideally, a financial institution should observe each client’s profile and activity in its entirety by incorporating all available information into its transaction monitoring and review process. Integrating customer due diligence and enhanced due diligence into this process will help institutions better understand the customer profile and therefore afford themselves the ability to make an educated determination of whether specific activity should be considered suspicious and reported. 

It can also be a challenge for financial institutions to ensure that they are taking a collective approach to risk management, rather than operating in siloed environments whereby each business unit assesses and manages its financial crime risk in isolation. For example, if a customer is connected to a number of accounts across multiple business units, and money appears to cycle between accounts to no obvious purpose, the transactions should be reviewed holistically across all accounts and business units to gain a greater context and understanding of the extent of the activity. Successfully breaking down the potential for silos and executing a joined-up approach to financial crime investigations across all areas of compliance can assist in ensuring that all connected risk is identified, assessed, and reported (if required) simultaneously. This will also allow for the collective exit of a potential risk in its entirety, rather than piecemeal as and when additional connections are identified. 

Keeping up with the ever-diversifying threat of financial crime has been a constant battle for the vast majority of financial institutions for decades, and one exacerbated by the global pandemic that took hold in 2020. The pandemic has undoubtedly caused a shift in spending patterns and habits, which has affected the ability of financial institutions to understand whether customer activity has deviated from what is considered “normal”. It is well reported that levels of financial crime have increased substantially during the pandemic, and that is just in relation to the ‘known’ activity. It is highly likely that there is a vast amount of ‘unknown’ criminal activity currently going undetected which will pose a future threat to financial institutions, whether by regulatory scrutiny or enforcement, or by financial write-off. Therefore, the implementation of effective systems and controls to target money laundering is more important than ever, and organisations should be considering whether their current processes are fit for purpose in a post-pandemic world.

Moving forward, it is imperative that financial institutions recognise the level of work required to meet AML regulatory obligations across their compliance programs. The tone from the top plays an essential role in setting a strong AML culture; however, continued assessment and investment is also required to build and maintain an effective AML framework. With AML enforcement remaining a high priority for regulators globally, financial institutions should continue to ensure that their financial crime-related processes and controls are appropriate, effective, up to date, and fully operational, and that any identified vulnerabilities are addressed. In addition, relevant guidance issued by regulators should be acknowledged in a timely manner. This will ensure that institutions investigate and effectively tackle any indications of potential money laundering activity that may affect their business, and report suspicions of money laundering as appropriate.

For entities looking to improve upon or develop a robust compliance program, there are resources available—through both internal compliance teams and third-party compliance experts. By taking the proper steps now, financial institutions can ensure their compliance programs not only stand up to current regulatory standards and scrutiny, but also safeguard their institution from nefarious actors of the future.