TWO FCA AML CASES (2020-2021) – LESSONS TO LEARN
In the first action, which the FCA took last summer  against Commerzbank AG's London branch, the FCA imposed a fine of £37.8 million.
Commerzbank London provided products and transaction platforms for many of the bank's global customers.
It was also a hub for sales, trading and due diligence processes for many of the bank's global customers.
The FCA found that for over five years, the bank failed to have effective policies and procedures in place to identify, assess, monitor and manage money laundering risks.
In particular, the FCA found:
- Some parts of the bank's operations failed to verify beneficial ownership details, including in relation to high-risk clients, from a reliable source
- Processes for identifying risks with politically exposed persons were inadequate
- There was no clear process or criteria for terminating a relationship with a customer based on financial crime risks; and
- There were substantial and unjustifiable backlogs in conducting refreshed know your client checks. In October 2016, 1,720 new clients were in a 'huge backlog' awaiting to be on boarded. At this point, the bank had only three staff engaged in this task. By February 2017, the backlogs had increased, and 2,226 existing clients were overdue refreshed KYC checks.
- contributed to additional problems because automated systems lacked up to date information which in turn meant they became less reliable and effective.
- meant investment in systems and controls was wasted on measures that were unable to function as they had been designed or proposed.
Goldman Sachs International (Goldman Sachs)
In the second case, together with the PRA, the FCA imposed a fine of £96.6 million on Goldman Sachs International (Goldman Sachs) concerning three bond transactions which Goldman Sachs arranged for 1MDB, a Malaysian state-owned entity associated with serious embezzlement allegations.
Goldman Sachs was the primary booking entity for these transactions which were negotiated by a deal team based in Asia. The bond issuances had several red flags, none of which were tough to spot:
- They were substantial transactions compressed into tight timetables.
- They involved jurisdictions that Goldman Sachs already considered had high risks.
- Goldman Sachs possessed information about a third party whom they considered as high risk and who was said to be closely associated with the transactions.
The FCA found these risks were not adequately explored or considered holistically when approving the bond transactions.
Instead, overreliance was placed on statements of the deal team, who had an evident interest in proceeding with the transactions, to the effect that the third party had no role, despite inconsistent accounts being provided by a senior member of the deal team about the third party's involvement in the first 1MDB bond transaction.
The risk of the third party's involvement was not even raised in the documentation that went before the committees approving the 1MDB Transactions.
Moreover, the approving committees:
- Failed to assess the relevant risks factors either individually or in aggregate when approving the transactions or
- They were not provided with all the information that was available to enable that to happen.
This meant significant reputational and financial crime risks were effectively ignored or censored from the approval process.
A significant failure, in this case, involved:
- The absence of proper record keeping of the identification, management and assessment of the substantial and evident risks involved in the transaction.
Record-keeping is a vitally important part of effective governance.
- It is more than just a minuting of what has happened or being decided but helps to ensure there is an effective and purposeful discipline over the decision-making process.