The NatWest money laundering fine - some takeaways
The circumstance behind NatWest’s £265m fine for money laundering is a fascinating read. And the Statement of Facts provides pointed insight into the failings.
- Read here - https://www.fca.org.uk/publication/corporate/agreed-statement-facts-fca-national-westminster-bank.pdf
Other institutions would do well to measure themselves against these issues and objectively assess whether similar problems have / could occur.
In summary, the issues accepted by the bank were:
- Incorrect customer risk rating
- Automated transaction monitoring:
- Wrong categorisation of cash deposits
- Lack of monitoring for certain products
- System failure to recognise cash deposits and cheques
- No TM differentiators for high-risk clients
- Lack of review/tuning of the system
- Not performing reviews in line with periodic review policy
- Not performing reviews in line with event-driven review policy
- When performing event-driven reviews – doing so poorly
- Poor quality of investigations – both concerning TM and internal SARs
- Lack of critical thinking of bank staff, for example:
- Taking what the customer told them at face value
- Not using data, they had to inform them of risk – for example, comparing expected activity vs actual activity
Three key takeaways:
- No matter how large the organisation, institutions have to have a joined-up, end-to-end control framework.
- Controls that operate in isolation will fail to achieve the overall purpose – stopping money laundering.
- From on-boarding to exit and everything in between, the control framework needs to operate in harmony. Not easy to achieve – but this should be the goal.
- There’s still a long way to implement a genuinely risk-based approach.
- The bank stated that they “deeply regret that we failed to monitor one of our customers adequately”. Was this the bank’s way of appealing for a bit of perspective? One customer out of the tens of millions it banks.
- Regardless, if the bank had a functioning risk-based approach, they would have had the time to look carefully at this customer – in a holistic way – and reach an appropriate conclusion before West Yorkshire Police came knocking.
- The bank has spent £1.4bn on financial crime compliance since 2010 in the guise of change programmes, remediation, systems, and full-time staff; This is a staggering amount.
- And NatWest is not alone amongst their peers in spending this amount of money.
- Firms lose track of the purpose – the reason behind why they’re doing what they’re doing. The prevention of money laundering gets lost, and employing a proper risk-based approach gets this focus back.
- Firms, whatever their size, have to kick the tyres (or get someone to do it for them) to know that their controls are working as intended.
- As the statement of facts noted, “the overarching design of the Bank’s ongoing monitoring systems and its policies and procedures concerning ongoing monitoring was in line with industry guidance”.
- So, from a design perspective, the ongoing monitoring controls did not cause alarm.
- However, as highlighted by the case, they did not operate effectively; and it’s always better to do this of your own volition rather than having a Regulator breathing down your neck.