The recent criminal conviction of National Westminster Bank Plc ("NatWest") by the FCA was unique in that it was the FCA's first prosecution brought for offences under the Money Laundering Regulations. It resulted in a record financial penalty for anti-money laundering (AML) failures (£264.8m). But what insights can be taken from this case?
Serious AML Failures
Two documents provide an understanding of the case and the breaches that occurred; the Agreed Statement of Facts and the Sentencing Remarks. Both reveal just how serious the AML failures were – unchecked cash deposits in the millions, cash erroneously recorded as cheques, bin bags bursting with cash, customer business sectors being incorrectly recorded, improper customer risk ratings, substantial weaknesses in monitoring protocols, overreliance on relationship managers in relation to suspicious activity considerations, the list goes on. It is therefore understandable that the FCA decided to flex its criminal powers for the first time.
In an article posted on 19 October, we looked at what is on the horizon for the FCA in terms of criminal vs civil sanctions for AML breaches. The FCA previously informed Howard Kennedy that it currently has 45 investigations relating to money laundering breaches, and 9 of these have a criminal element. The magnitude of the recent sanction handed down to NatWest by the Southwark Crown Court will no doubt bolster the FCA's confidence and appetite for prosecuting companies for AML breaches in the future.
However, the issues in this particular case do little to inform regulated firms about the do's and don'ts in terms of AML policies and procedures. If we look back at other cases involving banks being sanctioned for AML failings, the issues are all too familiar. It’s the same old story, albeit with a few more headline grabbing issues. However, there are a few important points worth noting.
Leaky Lines of Defence
The Statement of Facts considered the industry recognised 'Three Lines of Defence' model regarding compliance with AML obligations (broadly, line management, risk control functions and risk assurance functions such as internal or external audit).
On the face of it, NatWest's ‘First Line of Defence’ in its Corporate Banking Division (later renamed the Commercial and Private Banking), appeared robust. It comprised not only the AML roles performed by frontline staff (including branch staff, branch managers and the account's Relationship Management Team), but also various specific financial crime teams undertaking AML functions, including:
- The Central Exceptions Unit which dealt with referrals for customers in certain high-risk sectors on account opening or exit;
- Financial intelligence teams, which carried out certain investigations into clients, shared intelligence with similar teams within the Group, and monitored the work of the Nominated Office Function. These teams would also provide quality assurance of investigations and advice on AML typologies, ongoing risks on customer accounts and disclosure to the authorities; and
- Customer Due Diligence Controls, which was responsible for monitoring and maintaining the customer due diligence framework across the Commercial and Private Banking department.
- Certain AML First Line of Defence functions were also delegated to a Group-wide "Services" function.
NatWest's ‘Second Line of Defence’ was provided by the Conduct & Regulatory Affairs function, which included the Financial Crime Intelligence and Investigations Unit. The ‘Third Line of Defence’ was provided by the internal audit function.
So how did the breaches occur?
The failings appeared to have occurred as a result of systematic failings within NatWest's AML programme, including breaches of its own policies and procedures. This included:
- Failings within its Relationship Management Team;
- Failings in its automated transaction monitoring;
- Inadequate investigations when internal money laundering suspicion reports were made;
- Failure to conduct any adequate independent review;
- Failure to keep documents, data and information up to date;
- Failure to conduct sufficient formal reviews of the account in line with its own policies;
- A failure to treat Fowler Oldfield as a high-risk customer for a period of over 2 years.
The Sentencing Remarks stated that it was agreed that the criminal conduct resulted from failings in NatWest's First Line of Defence. However, neither the Agreed Statement of Facts nor the Sentencing Remarks give any indication of the level of scrutiny NatWest came under by the FCA in relation to its Second and Third Lines of Defence. It is perhaps fortunate that the Second and Third Lines of Defence appeared to avoid any real criticism in the Sentencing Remarks particularly given the failings identified within the Nominated Office Function Team at Borehamwood. After all, this all occurred under the watch of the various MLRO's, the Nominated Officer and the Financial Crime Intelligence Unit. It also went undetected by the internal audit function.
The Agreed Statement of Facts narrowed the scope of the issues, and, just as importantly, it demonstrated NatWest's overall commitment to its AML programme. For example, it described in detail the efforts made by NatWest towards its AML programme, and stated that it made a serious financial commitment towards this. Perhaps this was key to limiting the responsibility of the Second and Third Lines of Defence in respect of the breaches, especially give the size, nature and complexity of NatWest's operations as a whole. However, it does seem a little odd that the decision for laying the blame solely at the door of the First Line of Defence is not explained in any particular detail, especially given the seriousness of the AML breaches concerned.
The Importance of the Agreed Statement of Facts
Mrs Justice Cockerill commented that the sentence reached was on the basis of the Agreed Statement of Facts. In her sentencing remarks, the Judge offered her gratitude to both the prosecution and defence for their excellent co-operation in producing such a full and helpful document. In seems critical that NatWest investigated these historic issues properly and cooperated with the FCA. This ultimately resulted in the Agreed Statement of Facts, which clearly played a vital role in determining (and perhaps limiting) the bank's culpability.
The issue of how to respond to a regulatory investigation is always a difficult one and corporations should seek specialist expert advice on this issue on a case by case basis.