On April 9, the United Kingdom Financial Conduct Authority (FCA) announced that it had fined Standard Chartered Bank (SCB) £102,163,200 “for Anti-Money Laundering (AML) breaches in two higher risk areas of its business.” The FCA stated that it had conducted investigations into two areas of SCB’s business that SCB had identified as higher risk: (1) its UK Wholesale Bank Correspondent Banking business; and (2) its branches in the United Arab Emirates (UAE).
The FCA stated that it had found “serious and sustained shortcomings” in SCB’s AML controls relating to customer due diligence and ongoing monitoring, and that SCB “failed to establish and maintain risk-sensitive policies and procedures, and failed to ensure its UAE branches applied UK equivalent AML and counter-terrorist financing controls.”
The United Kingdom Money Laundering Regulations 2007 (MLRs), according to the FCA, required SCB to take two specific types of actions. First, it was required to “establish and maintain appropriate and risk sensitive policies and procedures to reduce the risk it may be used to launder the proceeds of crime, evade financial sanctions or finance terrorism.” Second, it had “to require its global (non-EEA) branches and subsidiaries to apply policies and procedures in relation to due diligence and ongoing monitoring that are equivalent to those required of” SCB in the United Kingdom.
The FCA, however, found “significant shortcomings” in SCB’s own internal assessments of the adequacy of its AML controls, as well as “its approach towards identifying and mitigating material money laundering risks and its escalation of money laundering risks.” These failings, in the FCA’s judgment, exposed SCB “to the risk of breaching sanctions and increased the risk of Standard Chartered receiving and/or laundering the proceeds of crime.” SCB’s reported failings “occurred in its UK Correspondent Banking business during the period from November 2010 to July 2013 and in its UAE branches during the period from November 2009 to December 2014.”
The FCA also provided several examples of the failings in question:
- “opening an account with 3 million UAE Dirham in cash in a suitcase (just over £500,000) with little evidence that the origin of the funds had been investigated;
- “failing to collect sufficient information on a customer exporting a commercial product which could, potentially, have a military application. This product was exported to over 75 countries, including two jurisdictions where armed conflict was taking place or was likely to be taking place; and
- “not reviewing due diligence on a customer despite repeated red flags such as a blocked transaction from another bank indicating a link to a sanctioned entity.”
SCB’s agreement to accept the FCA’s findings meant that the bank qualified for a 30 percent discount that resulted in the £102,163,200 fine. Absent the discount, the FCA stated that the fine would have been £145,947,500.
Note: This fine against SCB for AML violations, coming on the same day that the U.S. Department of Justice announced the criminal settlement of more than $1 billion with SCB for Iranian sanctions violations, should serve as a cautionary tale for financial institution boards of directors and C-level officials. Any financial institution in which more than one of its financial-crimes compliance programs has had serious failings during the same periods — that is, sanctions from 2007 to 2011, and AML from November 2010 to July 2013 (correspondent banking) and from November 2009 to December 2014 (UAE) – cannot seriously claim that it had a culture of compliance during those periods, and should therefore expect penalties of this magnitude.
To understand more clearly the FCA’s findings and reasoning, financial-crime compliance officers should peruse the FCA’s Decision Notice in this case, and use its findings as points of comparison to evaluate the soundness of their own AML programs. Among other findings, that Notice included a specific observation that
SCB’s failings are particularly serious because they occurred against a background of heightened awareness within SCB of issues with its global financial crime controls arising from action taken by US regulators and prosecutors, direct feedback from the Authority, and through its own internal assessments. In addition, throughout the Relevant Period, the Authority, along with the UK government as well as international and domestic governmental organisations, repeatedly issued communications regarding jurisdictions with a high risk of money laundering and/or financial crime.
Financial institutions should therefore recognize that regulators such as the FCA can and will take into account the cumulative knowledge of a financial institution about its financial-crimes risks, as well as the range of external and internal sources of that knowledge, in determining whether that institution should be held accountable for any lapses or failures of its financial-crimes compliance programs.