Print Article

The Royal Bank of Scotland International Limited is fined £1,440,481.00 by IOMFSA for AML fails.


The Isle of Man Financial Services Authority (IOMFSA) has issued a public statement regarding the imposition of a civil penalty on the Royal Bank of Scotland International Limited.

The civil penalty is the sum of £1,440,481, discounted by 30% to £1,008,337 (the “Civil Penalty”).

This development has significant implications for the financial sector and raises important considerations for industry professionals and the public.

  1. Background of the Imposition
    1. The imposition of a civil penalty on the Royal Bank of Scotland International Limited stems from a thorough investigation conducted by the IOMFSA.
    2. The investigation focused on the bank's operations, compliance procedures, and adherence to regulatory standards.
    3. As a result of this investigation, the IOMFSA has taken decisive action by imposing a civil penalty.
  2. Implications for the Financial Industry
    1. This development has far-reaching implications for the financial industry, particularly in the context of regulatory compliance and risk management.
    2. It underscores the critical importance of robust compliance frameworks and diligent adherence to regulatory requirements within the financial sector.
    3. The imposition of a civil penalty serves as a stark reminder of the consequences that may arise from non-compliance with regulatory standards.
  3. Key Takeaways for Financial Institutions
    1. Financial institutions can draw valuable insights from this development to strengthen their own compliance mechanisms.
    2. It highlights the necessity of maintaining a proactive approach to regulatory compliance, encompassing thorough internal controls, regular assessments, and a culture of adherence to regulatory guidelines.
    3. Furthermore, it emphasizes the need for continuous vigilance and responsiveness to evolving regulatory landscapes.
  4. Ensuring Regulatory Compliance
    1. In light of this development, financial institutions must reevaluate their existing compliance frameworks and risk management practices.
    2. This entails a comprehensive review of internal policies, procedures, and controls to ensure alignment with regulatory requirements.
    3. Additionally, it necessitates a heightened focus on transparency, accountability, and ethical conduct across all levels of the organization.


Public Statement Concerning the Imposition Of A Civil Penalty Under Section 16 Of The Financial Services Act 2008 And The Financial Services (Civil Penalties) Regulations 2015 (“The Regulations”) in respect of The Royal Bank of Scotland International Limited ("RBSI") Published on: 15 February 2024

the “Civil Penalty”

  1. The civil penalty is the sum of £1,440,481, which is discounted by 30% to £1,008,337
  1. The Isle of Man Financial Services Authority (the “Authority”) makes this public statement in accordance with powers conferred on it under section 13 of the Financial Services Act 2008 (the “Act”).
  2. The making of such public statement supports the Authority’s regulatory objectives of, among other things, securing an appropriate degree of protection for customers of persons carrying on a regulated activity, reducing financial crime and maintaining confidence in the Isle of Man’s financial services industry.
  3. Between June and July 2021, the Authority conducted an inspection of elements of RBSI’s Isle of Man non-personal customer book under section 15 of the Act (the “Inspection”).
  4. The Inspection identified that RBSI had contravened paragraph 7 of the Anti-Money Laundering and Countering the Financing of Terrorism Code 2015 (the “Code”).
  1. RBSI is licensed under the Act to undertake Class 1 (Deposit Taking) and Class 2 (Investment Business), as well as being registered with the Authority as a ‘general insurance intermediary’ under the Insurance Act 2008.
  2. The Inspection was conducted by the Authority between June and July 2021 in relation to elements of RBSI’s deposit taking business and this identified contraventions of paragraph 7 of the Code by RBSI across its non-personal client base (the “Contraventions”).
  3. The final inspection report was issued to RBSI by the Authority on 23 November 2021.
  4. RBSI has engaged promptly and positively with the Authority throughout this matter in a timely and constructive manner.

Key Findings from the Investigation

Contraventions of the Code identified by the Inspection included:

  1. RBSI was unable to demonstrate that its up to date Customer Risk Assessment process was brought into use in a timely manner following the introduction of the Code.
  2. This resulted in 2,239 non-personal customers, on-boarded between 2015 and 2018 (and not rated high risk), having inadequate documented Customer Risk Assessments taking into account the applicable requirements of the Code (paragraph 7 of the Code), albeit these customers were still subjected to a risk rating to a pre-2015 standard during that period.
Key Learning Points for Industry
  1. Compliance with the Code and its subsequent iterations is a legal requirement; the Authority is committed to taking appropriate and proportionate action to address contraventions of the Code.
  2. Procedures and controls are a legal requirement and a fundamental part of a relevant person’s internal risk framework as they protect its staff, business and communities from the threat and / or abuse by criminals or those assisting/enabling criminals. As new legislation and documents are issued domestically it is important for licenceholders, and other relevant persons, to review and update procedures as necessary.
  3. The money laundering/terrorist financing risks posed by certain business relationships demonstrates the increased importance of on-boarding processes (including appropriate documentation and evidencing of risk assessments, sign off, conducting effective ‘Enhanced Customer Due Diligence’ and enhanced ongoing monitoring).
    1. The absence, or ineffectiveness, of these controls will affect a relevant person’s ability to conduct effective and appropriate monitoring, including scrutiny of transactions, which in turn may result in unusual or suspicious activity not being identified in the appropriate circumstances.
    2. Without the appropriate effective procedures and controls being in place, or not being operated adequately, a relevant person will be unable to effectively manage and mitigate the risks of money laundering/terrorist financing (as appropriate) and to conduct the business utilising a risk-based approach as required by the Code.
  1. There are a number of powers available to the Authority to address identified instances of non-compliance with the Code.
  2. The Authority’s powers include, but are not limited to, the issuance of directions and / or public statements as well as the imposition of civil penalties or the commencement of criminal proceedings under the relevant legislation. The particular circumstances and the nature of an entity’s non-compliance with the Code will determine the action(s) taken by the Authority.
  3. Active engagement and cooperation with the Authority provides the best possible opportunity to resolve matters in a timely and constructive manner and, where appropriate, to minimise the likelihood of the Authority taking further action in relation to instances of non-compliance with the Code.
  4. The Authority will publish details of ongoing and concluded matters when it is in the public interest to do so.
  5. Compliance with the Code, or any successor, is a regulatory requirement under the Financial Services Rule Book 2016, made under section 18 of the Act.
  6. The Authority has deemed it appropriate, necessary and proportionate, in all the circumstances, that RBSI be required to pay a civil penalty imposed under the Regulations and the Act.
  7. The Authority acknowledges the constructive dialogue between RBSI and the Authority. RBSI continues its customer outreach work, which will remediate any remaining cases in the population affected by the breach with the Authority having been made fully aware of the steps it has put in place.
  8. As with all discretionary civil penalties issued by the Authority, the level of the Civil Penalty is calculated as a percentage of RBSI’s income in accordance with the Regulations.
  9. In conducting this calculation, there is limited scope to depart from the requirements of the Regulations.
  10. Accordingly, the absolute amount of the Civil Penalty relative to the absolute amount of other civil penalties that have been imposed by the Authority previously does not always reflect the relative seriousness of the contraventions and breaches identified in each matter – the level of a civil penalty (calculated on a percentage basis) is determined each time on the facts of a particular matter and whilst regard is had by the Authority to the level and the percentage of civil penalties imposed in other matters, this is only one of a number of factors.
  11. The level of the Civil Penalty reflects the fact that RBSI co-operated with the Authority and agreed settlement at a relatively early stage. It is also noted by the Authority that there were mitigating factors in this case, and that this has been taken into consideration by it, when determining both the level and the actual amount of the Civil Penalty.


The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email