Final Notice

On , the Financial Conduct Authority issued a Final Notice to Steven George Smith

FINAL NOTICE

Reference Number: SGS01046

Address:

Sonali Bank (UK) Ltd, 29-33 Osborn Street, London E1 6TD

1.
ACTION

1.1
For the reasons given in this notice, the Authority hereby:

(1)
imposes on Steven Smith a financial penalty of £17,900; and

(2)
makes an order prohibiting Mr Smith from performing the SMF16

(compliance oversight) and SMF17 (money laundering reporting) senior

management functions and the CF10 (compliance oversight) and CF11

(money laundering reporting) controlled functions in relation to any

regulated activities carried on by any authorised or exempt persons, or

exempt professional firm. This order takes effect from 12 October 2016.

1.2
Mr Smith agreed to settle at an early stage of the Authority’s investigation. Mr

Smith therefore qualified for a 30% stage 1 discount under the Authority’s

executive settlement procedures. Were it not for this discount, the Authority

would have imposed a financial penalty of £25,600 on Mr Smith.

2

2.
SUMMARY OF REASONS

2.1
The prevention of money laundering and financial crime is essential to

maintaining the integrity of the UK financial system. Banks and other financial

service firms are responsible for managing the risk that they might be used by

those seeking to launder the proceeds of crime and are subject to significant

regulatory requirements to maintain robust AML systems and controls.

2.2
The role of MLRO is a vital one in any regulated firm. The implementation of

adequate AML systems and controls requires an MLRO who takes a robust

approach, ensures that AML responsibilities are understood at all levels of the

organisation, has sound knowledge of the controls, ensures that regular testing

and monitoring is carried out, and escalates concerns appropriately to senior

management.

2.3
In February 2011, Mr Smith was appointed to be the MLRO and the compliance

officer at SBUK and was responsible for overseeing the day-to-day operation of

the AML systems and controls. Mr Smith was aware that in 2010 the Authority

had identified serious failings in SBUK’s AML systems and controls and that SBUK

had put in place a Remediation Plan.

2.4
In successive years, and despite the warnings of the Internal Auditors, Mr Smith

failed to put in place compliance monitoring plans which were appropriately

focussed on the risks faced by SBUK and which adequately demonstrated that

SBUK’s AML systems were working effectively.

2.5
Despite suffering from being overworked personally and from a lack of resource in

the MLRO department, Mr Smith failed to impress upon senior management the

need for further resources even when these were adversely affecting the

monitoring work carried out by the MLRO department. When he was given

permission to recruit further resource, Mr Smith failed to take adequate steps to

ensure that further resource was recruited in a timely fashion.

2.6
Mr Smith continued throughout the Relevant Period to reassure the board and

SBUK’s senior management that SBUK’s AML systems were working effectively.

Mr Smith did not take sufficient steps to address the concerns raised by the

Internal Auditors and failed to report adequately the results of internal testing.

2.7
In particular, he failed to put in place effective systems for ensuring that staff

were aware of their AML responsibilities and complied with their requirements

under the ML Requirements yet continued to reassure the board and senior

3

management that staff adequately understood their responsibilities. Despite

appreciating a “surprising” lack of SARs made by staff, particularly in relation to

the trade finance business, in three successive years, he failed to investigate the

reasons.

2.8
While responsible for monitoring SBUK’s AML compliance system, Mr Smith failed

to identify serious failures to carry out adequate CDD, EDD, customer and

transaction monitoring. Consequently, in 2014, a Skilled Person found “systemic”

AML failings throughout SBUK’s business.

2.9
As a result of the above, the Authority considers that Mr Smith breached

Statements of Principle 6 (exercising due skill, care and diligence in managing the

business of the firm for which he is responsible) and was knowingly concerned in

SBUK’s breach of Principle 3 (taking reasonable steps to organise its affairs

responsibly and effectively, with adequate risk management systems).

2.10
The Authority accepts that Mr Smith made some improvements to the AML and

compliance control systems at SBUK and that he suffered from a serious lack of

management support in conducting his role as MLRO and in ensuring that SBUK

maintained a culture which paid sufficient heed to its AML requirements. The

Authority considers that the support of senior management in resourcing and

empowering MLROs appropriately is vital to maintaining robust systems.

Nevertheless, there are a number of steps available to an MLRO who does not

enjoy such support and who has concerns about the AML systems in place at a

firm. These include ensuring that concerns are appropriately reported to senior

management, escalating concerns to the board or to relevant risk or audit

committees, highlighting concerns to internal or external auditors, requesting

independent expert advice on the areas of concern, outlining concerns fully and

appropriately in annual MLRO reports or reporting concerns to the Authority. Any

such report to the Authority could be made on a confidential basis. Mr Smith

failed to take any of these steps.

2.11
The Authority therefore imposes a financial penalty on Mr Smith in the amount of

£17,900 pursuant to section 66 of the Act.

2.12
The Authority also considers that Mr Smith has demonstrated a serious lack of

competence and capability. As a result, the Authority considers that he is not a fit

and proper person to perform the SMF16 (compliance oversight) and SMF17

(money laundering reporting) senior management functions and the CF10

(compliance oversight) and CF11 (money laundering reporting) controlled

functions in relation to any regulated activity carried on by any authorised person,

exempt person or exempt professional firm and prohibits him from carrying out

such functions pursuant to section 56 of the Act.

2.13
This action supports the Authority’s operational objectives of securing an

appropriate degree of protection for consumers and protecting and enhancing the

integrity of the UK financial system.

3.
DEFINITIONS

3.1
The definitions below are used in this Decision Notice.

“the 2010 Visit” means the visit by the Authority to SBUK on 26 and 27 July

2010;

“the 2014 Visit” means the visit by the Authority to SBUK in January 2014;

“the Act” means the Financial Services and Markets Act 2000;

“AML” means anti-money laundering;

“the AML Staff Handbook” means the “Anti-money laundering and countering

terrorist financing Handbook for Management and Staff”, the document used by

SBUK to outline its AML processes and provided to its staff;

“APER” means the part of the Authority’s Handbook entitled “Statements of

Principle and Code of Practice for Approved Persons”;

“the Audit Committee” means the committee of SBUK’s board responsible for

monitoring operational controls;

“the Authority” means the body corporate previously known as the Financial

Services Authority and renamed on 1 April 2013 as the Financial Conduct

Authority;

“CDD” means customer due diligence measures, the measures a firm must take to

identify its customer and to obtain information on the purpose and intended

nature of the business relationship, as outlined in regulation 5 of the ML

Regulations;

5

“CEO” means Chief Executive Officer;

“DEPP” means the Authority’s Decision Procedure and Penalties Manual;

“EDD” means enhanced due diligence, the measures a firm must take in certain

situations, as outlined in regulation 14 of the ML Regulations;

“the Internal Auditors” means the firm appointed by SBUK to conduct audits of its

systems and controls during the Relevant Period;

“JMLSG” means the Joint Money Laundering Steering Group, a group made up of

the leading UK trade associations in the financial services industry with the aim of

promulgating good practice in countering money laundering;

“the ML Regulations” means the Money Laundering Regulations 2007;

“MLRO” means the money laundering reporting officer;

“PEP” means politically exposed person, as defined in regulation 14(5) of the ML

Regulations;

“Principle” means one of the Authority’s Principles for Businesses;

“Relevant Period” means the period from 21 February 2011 to 21 July 2014;

“the Remediation Plan” means the series of measures designed by SBUK to

remediate the issues identified by the Authority during the 2010 Visit;

“SAR” means suspicious activity report, a report of suspected money laundering

to be made by any employee to the MLRO, as required by Part 7 of the Proceeds

of Crime Act 2002;

“SBUK” means Sonali Bank (UK) Ltd;

“the Skilled Person” means the skilled person appointed pursuant to section 166

of the Act to assess and report upon SBUK’s AML processes;

“Statement of Principle” means one of the Statements of Principle for Approved

Persons set out in chapter 2 of APER; and

6

“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber).

4.
FACTS AND MATTERS

4.1
SBUK is the UK subsidiary of Sonali Bank Limited, which is incorporated in

Bangladesh. SBUK has been authorised since 6 December 2001 and provides

banking services to the Bangladeshi community in the UK. During the Relevant

Period, SBUK operated six branches in the UK and the services it offered included

personal and corporate accounts, money remittance services to Bangladesh

(conducted face-to-face and by telephone) and trade finance.

4.2
In 2014, SBUK had 2,457 live customer accounts and 85,625 registered remitters,

of which 11,268 had been active in the preceding 12 month period. Its turnover

was £10,113,368.

4.3
On 21 February 2011, Mr Smith was appointed SBUK’s compliance officer and

MLRO. He held the CF10 (compliance oversight) and CF11 (money laundering

reporting) controlled functions throughout the Relevant Period. These were

accountable significant-influence functions within the meaning of APER.

Formal roles and responsibilities

4.4
As the MLRO, Mr Smith had responsibility for oversight of SBUK’s compliance with

the Authority’s rules on systems and controls against money laundering and his

job was to act as the focal point for all activity within SBUK relating to AML.

4.5
Mr Smith’s main duties included:

(1)
developing and maintaining SBUK’s AML policy in line with evolving

statutory and regulatory obligations;

(2)
supporting and co-ordinating management focus on the money laundering

risk in individual business areas;

(3)
assisting management to develop and maintain an effective AML and

counter-terrorist financing compliance culture;

(4)
ensuring that SBUK’s risk management policies, risk assessment profile

and their application were adequately documented;

7

(5)
determining and updating the money laundering risk-based approach and

the risk assessment of SBUK’s customers, products and services;

(6)
establishing and maintaining appropriate risk-based monitoring processes

that were proportionate to the scale, nature and complexity of SBUK’s

operations;

(7)
documenting SBUK’s risk-based strategies and the basis for the risk-

assessment and monitoring process;

(8)
ensuring that staff were complying with the stated policy and therefore

monitoring operations and development of the policy to this end;

(9)
undertaking annual money laundering compliance reviews and providing

additional management information as necessary;

(10)
making any recommendation for action to remedy any deficiencies in

policies, procedures, systems or controls and following up on those

recommendations;

(11)
monitoring day-to-day operation of SBUK’s AML policies; and

(12)
ensuring that all relevant staff were adequately trained in money

laundering and terrorist finance prevention, that the standards and scope

of the training was appropriate, and that appropriate training records were

kept.

4.6
During the Relevant Period, Mr Smith produced a monthly ‘Compliance and

Financial Crime Report’ which was submitted to SBUK’s senior management.

These reports were provided to the Audit Committee and to the board, both of

which met quarterly during the Relevant Period. He prepared an annual MLRO

report which was designed to report on the operation and effectiveness of the AML

systems and controls over the previous year.

4.7
In addition to maintaining AML systems and controls, Mr Smith was required to

act as SBUK’s compliance officer throughout the Relevant Period. His main duties

included:

(1)
to design and implement systems for the operation of the business within

the Authority’s rules;

(2)
to monitor systems and ensure that they were working as intended;

(3)
to supervise appropriate training programs for individuals within SBUK;

(4)
to register (and notify the Authority if required) rule breaches and to take

appropriate remedial action; and

(5)
to register details of complaints and to ensure that they were resolved

efficiently and effectively.

The 2010 Visit

4.8
On 26 and 27 July 2010, as part of thematic work considering financial crime

controls, the Authority visited SBUK to assess its AML systems and controls.

Subsequently, on 20 August 2010, the Authority notified SBUK of a number of

serious concerns. As a result of the 2010 Visit, SBUK put in place the Remediation

Plan and took a number of steps intended to rectify the issues identified.

4.9
When he was appointed MLRO, Mr Smith was made aware of the Authority’s

concerns arising from the 2010 Visit and the implementation of the Remediation

Plan. In February 2011, a few weeks following Mr Smith’s appointment, the

Authority was informed by SBUK that Mr Smith had taken over responsibility for

ensuring the implementation of the Remediation Plan, and that nine out of a total

of 19 items listed in the Remediation Plan were still outstanding.

The 2014 Visit

4.10
In January 2014, the Authority visited SBUK as part of follow-up work to assess

AML controls in smaller banks. Notwithstanding the measures taken as a result of

the 2010 Visit, the Authority identified serious AML failings.

4.11
The Authority requested that SBUK take a number of immediate actions to

address the risks posed by its AML weaknesses. These included lowering the

remittance threshold for obtaining source of funds information, screening its

customers to identify PEPs, conducting EDD on all PEPs and high risk customers

and carrying out visits to its branches to assess their AML systems.

4.12
As a result of concerns arising from the 2014 Visit, a Skilled Person was appointed

to assess and report upon SBUK’s AML systems and controls. On 21 July 2014,

the Skilled Person reported its findings. It concluded that there were “systemic”

AML failings arising from “a lack of understanding and implementation of systems

and controls throughout the Bank”.

4.13
As a result, the Authority investigated SBUK’s AML systems and controls during

the period 20 August 2010 to 21 July 2014. The Authority concluded that SBUK

failed to maintain adequate systems and controls to manage the risk of money

laundering and financial crime. These failures were systemic, and affected almost

all levels of its business and governance structure. Details of the Authority’s

findings in respect of SBUK are set out at Annex A.

4.14
As the MLRO, Mr Smith was responsible for overseeing the day-to-day operation

of the AML systems and controls at SBUK and ensuring that they remained

effective.

4.15
The Authority accepts that Mr Smith faced significant challenges in conducting his

work as MLRO in that he received inadequate support from senior management

and faced a working environment throughout SBUK which failed to pay sufficient

heed to the importance of complying with AML requirements.

4.16
The Authority considers that the support of senior management is vital in

ensuring that MLROs are appropriately resourced and empowered to carry out

their roles effectively. However, if an MLRO is not given such support and has

concerns about the operation or effectiveness of the AML controls within a firm,

there are a number of steps which he or she could take. These include:

(1)
ensuring that concerns are appropriately and robustly reported to senior

management and that a record is kept of such reports;

(2)
escalating concerns to the board or relevant risk or audit committees;

(3)
highlighting concerns to internal or external auditors, if necessary

requesting that they examine the operation of the relevant controls or

business functions;

(4)
requesting independent expert advice on the areas of concern;

(5)
outlining concerns fully and appropriately in annual MLRO reports; or

(6)
reporting concerns to the Authority. Any such reports to the Authority may

be made on a confidential basis and may attract the protections given by

the Public Interest Disclosure Act 1998.

4.17
Mr Smith had the opportunity to take any of the above steps. However, despite

numerous warning signs, he failed to identify the weaknesses in SBUK’s AML

systems and controls or to impress upon SBUK’s board or senior management the

need to strengthen these systems considerably. His reports failed to highlight

issues of concern and, instead, on various occasions, he provided the board and

senior management with assurances that the systems were appropriate and were

working effectively.

4.18
In addition to the duties described above, Mr Smith was also required:

(1)
to act as a line manager to staff within the MLRO department;

(2)
to train staff within the MLRO department;

(3)
to act as data protection officer; and

(4)
to undertake some company secretarial work.

4.19
The additional responsibilities that Mr Smith was expected to perform meant that

he was overstretched, hampering his ability to focus on his duties as MLRO. For

example, SBUK allocated the roles of minute taker for board and Audit Committee

meetings to Mr Smith. This required attending each meeting, which lasted up to a

full day, typing the minutes of each meeting, and ensuring that they were

appropriately approved. Mr Smith accepted that this was not appropriate for his

role. However, he did not at any point during the Relevant Period request that the

responsibilities for taking minutes be assigned to someone else.

4.20
At his request, an assistant was allocated to Mr Smith in 2011. Thereafter, Mr

Smith did not raise his workload as a concern to senior management until March

2013. In his annual MLRO reports for 2011 and 2012, Mr Smith confirmed that

the level of resourcing available to him was appropriate.

4.21
In March 2013, at his request, Mr Smith was given responsibility for recruiting a

further staff member to the MLRO department. However, he failed to take the

necessary steps to ensure that a staff member was recruited until January 2014.

4.22
The lack of adequate resource in the MLRO department adversely affected the

monitoring work carried out by it. For example, in August 2013, the Internal

Auditors noted that only 17 reviews of trade finance files had been carried out,

rather than the 75 mandated by SBUK’s procedures. Further, throughout the

Relevant Period, Mr Smith failed to carry out visits to SBUK’s branches because he

did not have the time to do so.

4.23
The Authority accepts that the extent of the resources available to Mr Smith was

only partially within his control. Nevertheless, Mr Smith did not take adequate

steps during the Relevant Period to impress upon SBUK’s senior management how

overstretched the MLRO department was and how it was adversely affecting his

duties as MLRO. Although he sought further resources in 2013, he did not take

adequate steps to ensure that such resources were put in place as soon as they

were needed.

AML oversight

Compliance monitoring plans

4.24
SBUK’s AML controls systems depended heavily on monitoring to be carried out by

the MLRO department. The monitoring programme was outlined in SBUK’s

compliance monitoring plans. Mr Smith was responsible for drafting and

implementing SBUK’s compliance monitoring plans. In each year of the Relevant

Period, these were in reality task lists which failed to identify clearly the testing to

be completed by the MLRO department, failed to record the rationale for

conducting those tests, failed to contain sufficient detail on how testing was to be

completed and failed to enable the results of any testing to be included in current

or subsequent plans.

4.25
In 2012, the Internal Auditors noted that there was no evidence in SBUK’s risk

register to demonstrate that SBUK had identified and assessed its conduct risk

and no demonstrable link between the risk register and the compliance

monitoring plan. The Internal Auditors recommended that SBUK establish a risk

appetite for conduct risk and that the compliance monitoring plan be reviewed to

focus on those issues posing the greatest risk to SBUK. Mr Smith was assigned to

complete these tasks.

4.26
This presented Mr Smith with the opportunity to emphasise to SBUK’s board and

senior management the need to ensure that SBUK was fully sighted of its AML

risks and that sufficient time and resource was being devoted to an appropriate

system of monitoring to mitigate these risks.

4.27
Although Mr Smith undertook some analysis of the conduct risks facing SBUK, the

2013 compliance monitoring plan was very similar in form and content to that of

2012 and no conduct risk appetite statement had been documented. While the

2013 compliance monitoring plan was approved by the Audit Committee in 2013,

it is apparent that that the concerns of the Internal Auditors had not been taken

into account in drafting it.

4.28
In 2013, the Internal Auditors reported that, despite SBUK having certified the

points as complete, there was still no conduct risk appetite statement and the

compliance monitoring plan was still not demonstrably risk based. They noted

that the compliance monitoring plan appeared to be a task schedule rather than a

true compliance monitoring plan and did not include any detail surrounding the

scope of the monitoring to be completed. They recommended that the compliance

monitoring plan should be updated to include the scope of monitoring and that

the link between risks detailed in the risk register and the compliance monitoring

activity should be clearly demonstrated.

4.29
Mr Smith was again assigned these tasks and undertook to complete a full review

of the compliance monitoring plan to incorporate the recommendations in the

2014 compliance monitoring plan.

4.30
However, the compliance monitoring plan for 2014 was again similar in form and

content to those of 2012 and 2013, providing no detail of the monitoring activity

to be undertaken, no rationale for it and no link to the risks faced by SBUK.

4.31
While the compliance monitoring plans did not focus exclusively on AML controls,

these formed an important part of them. Each compliance monitoring plan was

deficient in identifying the monitoring activity to be completed and the rationale

behind it. As a result, SBUK’s compliance monitoring activity was insufficiently

focussed on its AML risks and SBUK’s board and senior management were unable

sufficiently to identify by reference to the compliance monitoring plan that the

AML systems and controls were deficient.

4.32
In drafting the compliance monitoring plans, Mr Smith failed to address

adequately the recommendations of the Internal Auditors.

Inadequate management information

4.33
Mr Smith was responsible for ensuring that SBUK’s senior management was kept

properly informed of any AML issues. He introduced monthly Compliance and

Financial Crime reports and annual MLRO reports for this purpose. However, these

reports were formulaic, provided little analysis on the effectiveness of systems

and controls and failed to highlight particular risks or issues for the immediate

attention of management. Mr Smith failed to highlight the failure to remediate

customer files to senior management and failed to escalate other concerns about

SBUK’s AML systems, including concerns raised by the Internal Auditors.

4.34
For example, in December 2011, having conducted a review of SBUK’s AML

systems and controls, Mr Smith identified a number of deficiencies. While Mr

Smith reported these to the Audit Committee, when AML issues were raised at a

subsequent board meeting, he failed to raise them. As a result, they were not

adequately reported to the board. Mr Smith relied on senior management

experience and expected that they would request that he include in the reports

any other information that they deemed necessary. No such request was made

and many reports were accepted by senior management without question.

4.35
As a result of the above, the reports to SBUK’s board and senior management did

not enable it to conduct proper oversight of the AML systems and controls, to

identify the AML risks faced by SBUK and to identify the weaknesses in its AML

controls.

Reporting concerns – trade finance

4.36
In December 2013, the Internal Auditors considered a sample of 35 trade finance

files. They identified deficiencies in 83% of the files, including insufficient CDD

and a failure to gain approval from the MLRO in respect of high risk transactions.

It was noted that “high risk” was not defined and a recommendation was made to

update the trade finance manual.

4.37
Despite these concerns, Mr Smith made no significant changes to the AML

processes governing trade finance transactions as a result. Moreover, he failed to

report the findings of the Internal Auditors to SBUK’s board and senior

management appropriately.

4.38
The 2014 annual MLRO report identified the Internal Auditors as having “revealed

a significant issue relating to compliance checks on Trade Finance files, mainly

surrounding the volumes and frequency of the checks that are undertaken”. This

failed entirely to note the deficiencies in the files themselves found by the Internal

Auditors.

Reporting concerns – governance and regulation

4.39
During each year of the Relevant Period, the Internal Auditors produced reports in

respect of governance and regulation. The Internal Auditors assessed the

governance and compliance of SBUK with regulatory responsibilities. These

assessments included, but were not limited to, AML issues. The Internal Auditors

assigned an overall grading to the risks they had identified.

4.40
In 2011, the overall assessment was ‘3’, indicating “actual/potential significant

implications for SBUK as a whole or as a business area (say a department)”. In

both 2012 and 2013, the overall grading was ‘4’, the highest grade available,

indicating “actual/potential very serious implications for SBUK”.

4.41
Each of the reports of the Internal Auditors provided an objective assessment of

the controls within SBUK and represented opportunities for Mr Smith to impress

upon the board and senior management the importance of implementing and

maintaining robust control systems and of allocating the necessary resources to

allow this to be done.

4.42
However, Mr Smith failed to take these opportunities. While some measures were

put in place as a result of the Internal Auditors’ concerns, other recommendations

were deemed unnecessary or not implemented: in respect of several failings, the

Internal Auditors noted that they persisted in subsequent years, despite the

assurances of senior management that they would be remedied.

4.43
Moreover, Mr Smith failed to report the findings of the Internal Auditors

appropriately. In the annual MLRO report for 2013, no reference was made to the

findings of the Internal Auditors’ 2012 governance and regulation assessment

while, in the 2014 MLRO report, it was noted simply that “none of these issues

were considered significant and all have since been completed”.

4.44
Mr Smith failed to consider the findings of the Internal Auditors in any depth and

failed to use the findings of the Internal Auditors to effect meaningful change.

AML monitoring of the business

4.45
SBUK’s head office was based in London. During the Relevant Period, it operated

five additional branches, providing retail banking and money remittance services.

Mr Smith was responsible for maintaining SBUK’s AML policy and processes and

for ensuring that staff were complying with these processes.

4.46
SBUK’s AML policy and processes were set out in the AML Staff Handbook. The

AML Staff Handbook had been drafted before Mr Smith’s arrival at SBUK but he

reviewed it annually. Throughout the Relevant Period, it remained a high level

manual that provided little practical guidance to staff to assist them with carrying

out their functions effectively. Staff were provided with the AML Staff Handbook

but were given limited further guidance on how to follow AML processes.

4.47
For example, staff were instructed that prior to establishing a relationship or

opening an account, they were required to obtain “sufficient due diligence” but the

guidance did not specify what would be considered as “sufficient”.

4.48
This meant that staff members were not provided with adequate guidance on how

to comply with SBUK’s AML processes. Mr Smith did ensure that all staff members

received annual training in AML issues but this training was generic to all staff

members and Mr Smith placed excessive reliance on the training provided to staff

as a means of ensuring that staff understood their AML responsibilities and were

able to follow them effectively.

4.49
In each of the annual MLRO reports of 2012, 2013 and 2014, Mr Smith outlined a

recommendation for a regular program of visits to be conducted by him to the

branches to monitor the adherence of branch staff to SBUK’s AML policy and

procedures. As a result of the lack of resources in the MLRO department, these

visits did not take place until after the Authority’s feedback from the 2014 Visit.

4.50
Instead, Mr Smith relied upon transaction monitoring, discussions at half-yearly

conferences, by providing advice and guidance to staff members by email and

telephone and by answering ad hoc queries posed by staff members to ensure

that AML processes were being followed by branch staff.

4.51
When SBUK’s senior management carried out branch visits in April 2014, SBUK

identified a serious lack of adequate understanding of AML issues among some

branch staff, including unsatisfactory knowledge of CDD, EDD, customer risk

assessments and the circumstances in which a SAR was necessary.

4.52
The Skilled Person considered that staff had “struggled to understand the AML and

financial crime implications relevant to the Bank or, indeed, the checks they are

required to undertake”.

4.53
Because Mr Smith did not visit the branches before that time, he failed to

appreciate the lack of knowledge and understanding of AML issues among branch

staff. Despite this, on numerous occasions, Mr Smith provided assurances to the

Audit Committee and to board members that staff members were aware of their

responsibilities and that the AML systems and controls were adequate.

4.54
One indicator of the inadequate level of staff understanding was the low level of

SARs. It was the responsibility of SBUK staff members to refer any suspicious

activity to the MLRO by completing a SAR. Throughout the Relevant Period, SBUK

staff made very low levels of SAR submissions. In each of the annual MLRO

reports between 2011 and 2014, Mr Smith described the lack of SARs referred to

him by staff, particularly those in the trade finance area, as “surprising”. Despite

this, Mr Smith took no steps to investigate whether staff members were

submitting SARs appropriately.

4.55
Moreover, at the January 2013 board meeting, a member of the board asked Mr

Smith whether he was concerned about the low number of SARs. Mr Smith

responded that based on the transaction monitoring that he carried out he was

content that branch staff were fully aware of their responsibilities.

4.56
However, when SBUK reviewed its customer files and a sample of its remittance

transactions following the Skilled Person report, an additional 141 SARs were

submitted in respect of account holders and 102 SARs in respect of remittance

transactions. This is a clear indicator that staff had previously failed to report

suspicious activity appropriately.

4.57
The Skilled Person identified a “worrying lack of knowledge and expertise in

identifying suspicious transactions from some of the branch staff interviewed”.

4.58
By failing to make enquiries into the reasons for the “surprising” levels of SAR

submissions, Mr Smith failed to establish that staff members were not submitting

them
in
appropriate
circumstances,
meaning that potentially suspicious

transactions were not investigated and serious weaknesses in SBUK’s AML

systems and controls were not identified.

4.59
Mr Smith was responsible for reviewing all account opening documentation prior

to SBUK accepting a new customer. As a result, he was aware of the risk

assessments conducted and what level of due diligence had been carried out in

respect of each new customer.

4.60
SBUK’s customer risk assessment was set out in the AML Staff Handbook and

consisted of a high level risk framework. It lacked clarity, and was at times

contradictory. For example from January 2011, the AML Staff Handbook provided

for SBUK to treat all new customers as high risk for the first six months. However,

this contradicted the 2012 and 2013 MLRO reports produced by Mr Smith, which

stated that SBUK’s policy was “not to conduct relationships with any individual or

organisation which it considers to be high risk or engages in high risk activities,

except for correspondent banking relationships”.

4.61
The ML Regulations require firms to carry out EDD in any situation which can

present a higher risk of money laundering. SBUK’s policies required it to carry out

EDD in respect of all high risk customers. The AML Staff Handbook reflected this

requirement. The classification of all new customers as high risk therefore

required SBUK to conduct EDD on all of these customers. The AML Staff Handbook

also set out SBUK’s policy and procedural requirements for carrying out EDD, but

it did not adequately explain what EDD was, and did not provide staff with

guidance on how to carry out EDD.

4.62
In fact, throughout the Relevant Period, SBUK routinely failed to carry out EDD in

respect of its new customers. Mr Smith was aware of this and stated that it was

on the basis that they were not in fact high risk for the purposes of the ML

Regulations. Mr Smith failed to recognise the inherent contradiction in this

position. The result of this was that SBUK failed to follow its own policies and

failed to give any meaningful consideration to whether the risks of a particular

customer merited carrying out EDD.

4.63
In addition, the Skilled Person found a systemic failure to carry out sufficient

CDD. Failings included scanned documentation which was unclear, out of date

identification documentation, incomplete account opening forms (a control sheet

to confirm that AML procedures are being followed), and insufficient information

about the purpose and nature of the proposed relationship and expected account

activity. Following the Skilled Person’s Report, SBUK identified 2,457 live

customer accounts. Each file suffered from a lack of appropriate documentation.

4.64
As well as being responsible for reviewing all account opening documentation, Mr

Smith was also responsible for undertaking random sample checks of live

customer accounts on a monthly basis. Despite this, although Mr Smith identified

a number of deficiencies with the account opening documentation held by SBUK,

he failed to take adequate steps to address the shortcomings and thereby failed to

ensure that SBUK complied with its requirements to conduct CDD and EDD.

4.65
By failing to take reasonable steps to ensure that SBUK verified information from

its customers where appropriate, Mr Smith exposed SBUK to an increased risk of

being used to further money laundering. In addition, by failing to take reasonable

steps to ensure that EDD was always conducted at the point that SBUK first

considered an account to present a higher risk of money laundering, SBUK was

unable to use such information to inform its decision as to how to mitigate the

increased money laundering risk (which might, in some instances, include

declining to open the account or discontinuing the business relationship). Failing

to conduct EDD in a timely manner leaves a firm under-informed of money

laundering risk and undermines its efforts to undertake adequate enhanced

ongoing monitoring of transactions.

Customer monitoring

4.66
SBUK’s policy was to review all new customer accounts six months after the

accounts had been opened. This was to ensure that verified identification

information remained unchanged, to determine whether or not account activity

during that six month period was consistent with the expectations drawn at the

onboarding stage and to assess the ongoing risk of the customer. These reviews

were introduced by Mr Smith and were conducted by the MLRO department.

4.67
However, the reviews undertaken by the MLRO department after the initial six

months were flawed. For example, the documentary evidence obtained was

limited and the reasons for classifying a customer as high, medium or low risk

were not clearly documented. Thereafter, despite the AML Staff Handbook

providing for regular reviews at intervals dependent on the customer’s risk rating,

there was no formalised process for conducting these reviews on an ongoing

basis. While Mr Smith continued to monitor customers assessed to be “high risk”,

other customers were subjected only to transaction monitoring. This meant that,

after the initial six month review, little consideration was given to the AML risks

posed by a particular customer unless he or she completed an individual

transaction which was subject to monitoring. Mr Smith failed to appreciate until

2013 that these reviews were not being completed in accordance with the process

outlined in the AML Staff Handbook and failed to take steps to ensure such

reviews were completed until after the 2014 Visit.

4.68
Mr Smith was responsible for keeping under review SBUK’s relationship with PEPs.

However, until 2014, although checks were carried out in respect of new

customers the MLRO department did not conduct routine screening of SBUK’s

customer list to identify PEPs. Mr Smith was aware of this but did not consider it

was a priority. On occasions, information which suggested customers were PEPs

was discounted without any documented reasoning. This meant that SBUK risked

failing to appropriately identify PEPs.

4.69
Even when SBUK identified a customer as a PEP, it failed to carry out adequate

EDD. In particular, it failed to take adequate measures to establish the source of

particular funds or, in appropriate circumstances, the source of the customer’s

wealth. Assessing what measures were adequate in each case was a requirement

under the ML Regulations and required by the AML Staff Handbook but Mr Smith

failed to ensure it was done since he did not believe there was “any added value”

and it “would not necessarily have mitigated any additional risk that the bank

faced”.

4.70
In 2014, the Skilled Person found that in the majority of files there was poor

documentation in establishing the accuracy of the screening conducted and a

systemic failure to perform EDD on high risk and PEP customers.

Transaction monitoring

4.71
When he joined SBUK, Mr Smith introduced a programme of monitoring of

remittance transactions. The MLRO department monitored transactions by

reviewing a series of daily reports which flagged transactions that fell outside pre-

set criteria. Of these, a member of the MLRO department reviewed transactions

on a sample basis. However, there was no clear methodology for selecting the

sample and the number of transactions investigated depended on the resource

available.

4.72
SBUK operated two separate systems for money remittances throughout the

Relevant Period, depending on how quickly the customer wished remittance

payments to clear. However, the daily reports only provided details of

transactions made using one of the two systems. Mr Smith assumed that the daily

reports covered both systems but failed to confirm this and accepted that he did

not fully understand how the systems operated. As a result, he remained unaware

throughout the Relevant Period that the MLRO department was not receiving

reports of transactions using the second system and that a significant number of

transactions were not subject to any monitoring.

4.73
In June 2012, the Internal Auditors recommended that the parameters for the

daily reports should be reviewed and that all transactions on the reports should be

investigated. While Mr Smith reviewed and amended the parameters of the

reports in one respect, he recommended that no changes be made to the sample

based monitoring arrangements. On that basis SBUK chose not to follow the

recommendation of its Internal Auditors.

4.74
In making his recommendation, Mr Smith failed to ensure that the daily reports

and the sample based monitoring carried out by the MLRO department were

effective in identifying suspect transactions and thereby reducing AML risk.

4.75
In August 2013, the Internal Auditors reviewed a sample of the daily reports and

identified several issues. The Internal Auditors recommended that SBUK should

document a procedure for the review of the daily reports including the process for

producing them and how and when suspicious transactions should be escalated.

The Internal Auditors recommended a further review of the parameters of the

daily reports.

4.76
Despite the repeated concerns of the Internal Auditors, Mr Smith advised that

“the requirement for precise procedures to be produced is not required” and that

“the current parameters are considered appropriate at the current time”. As a

result, no further changes were made. In making these recommendations, Mr

Smith failed to analyse appropriately the effectiveness of the monitoring regime.

4.77
Mr Smith was responsible for undertaking regular monthly reviews of trade

finance transactions in accordance with SBUK’s compliance monitoring plan.

These reviews were conducted on a sample basis. The methodology for selecting

the sample was unclear: Mr Smith selected the number of files to review but

permitted the operational business area to select which transactions to provide to

him for review. Mr Smith failed to consider whether this methodology was

effective at identifying suspicious transactions. Further, as a result of resourcing

issues, these reviews were not always carried out by the MLRO department.

5.
FAILINGS

5.1
The regulatory provisions relevant to this Final Notice are referred to in Annex B.

5.2
Statement of Principle 6 requires an approved person performing an accountable

significant-influence function to exercise due skill, care and diligence in managing

the business of the firm for which he is responsible in his accountable function.

5.3
Mr Smith breached this requirement during the Relevant Period in that:

(1)
he failed to ensure that SBUK’s board and senior management was

sufficiently aware of the weaknesses in SBUK’s AML systems and controls;

(2)
he failed to alert SBUK’s board and senior management to the adverse

effects of a lack of resourcing in the MLRO department;

(3)
he failed to take heed of the warnings of the Authority and of the Internal

Auditors of weaknesses in SBUK’s compliance and AML monitoring

programmes;

(4)
he failed to identify a serious lack of knowledge and understanding of AML

issues amongst SBUK’s branch staff and failed to ensure that they were

sufficiently aware of and understood their AML responsibilities so as to

perform them adequately;

(5)
he failed to implement any effective process for the ongoing assessment of

the AML risks posed by individual customers;

(6)
he failed to ensure that SBUK operated an effective system for identifying

PEPs and undertaking adequate EDD in respect of those customers

identified as PEPs;

(7)
he failed to investigate or to enquire into an apparently low level of SAR

submissions; and

(8)
he recommended the rejection of the recommendations of the Internal

Auditors that SBUK’s system for transaction monitoring be reviewed

without conducting any analysis of the effectiveness of the system.

5.4
Principle 3 requires that a firm take reasonable steps to ensure that it has

organised its affairs responsibly and effectively, with adequate risk management

systems. As a result of the matters outlined in Annex A, SBUK breached this

requirement between 20 August 2010 and 21 July 2014 in that:

(1)
it failed to take steps to ensure that the importance of AML compliance was

ingrained throughout the business, despite receiving clear warnings of a

culture of non-compliance;

(2)
it did not ensure that the ongoing effectiveness of the measures introduced

by the Remediation Plan was monitored and assessed effectively;

(3)
it failed to ensure that its board and senior management were provided

with sufficiently clear information to ensure that they were adequately

sighted of the AML risks faced by the business and able to assess how they

were being addressed;

(4)
it ignored warnings from the Internal Auditors of weaknesses in its

governance systems and controls;

(5)
it failed to ensure that the MLRO department was adequately resourced;

(6)
it failed to implement adequate oversight of the MLRO department;

(7)
managerial oversight of its branches was confused and did not consider

AML compliance;

(8)
its policies on AML compliance failed to provide adequate practical

guidance to staff;

(9)
its policy on the risk assessment of customers was unclear and

contradictory;

(10)
it failed to carry out adequate CDD when establishing a business

relationship and its systems failed to identify that CDD measures were

inadequate. Following the Skilled Person’s Report, SBUK identified 2,457

live customer accounts. Each file suffered from a lack of appropriate

documentation;

(11)
it failed to carry out EDD in higher risk situations and its systems failed to

identify that EDD measures were inadequate;

(12)
it failed to conduct on-going monitoring of some customer relationships;

(13)
its transaction monitoring was conducted on a sample basis, the rationale

for which was unclear, omitted to consider some transactions, was

insufficiently documented and failed to consider all relevant information;

(14)
it failed to take adequate measures to identify PEPs and to apply adequate

EDD measures to those identified as PEPs; and

(15)
its staff failed to identify and report suspicious activity in appropriate

circumstances. SBUK was aware of the low numbers of SARs but failed to

take any adequate steps to identify and address the reasons for the low

numbers.

5.5
Mr Smith was knowingly concerned in certain aspects of this breach from 21

February 2011 to 21 July 2014 in that:

(1)
he was responsible for providing the board and senior management with

sufficiently clear information on the AML risks faced by SBUK but failed to

ensure that the information he provided was sufficiently clear to ensure

that they were adequately sighted of the AML risks faced by the business

and able to assess how they were being addressed;

(2)
he was aware of the warnings of the Internal Auditors and either aware

that they were not being acted upon or recommended that their warnings

not be acted upon;

(3)
he was aware that the MLRO department was inadequately resourced but

failed to bring this to the attention of senior management and, having

been tasked with recruiting further resources, failed to ensure that

adequate resources were recruited in a timely fashion;

(4)
he was responsible for ensuring that SBUK’s policies on AML compliance

provided adequate guidance to staff but failed to ensure that they did so;

(5)
he was responsible for maintaining SBUK’s customer risk assessment and

failed to ensure that it was not unclear and contradictory;

(6)
he was responsible for ensuring that adequate CDD and EDD were carried

out in appropriate circumstances but failed to ensure that it was so carried

out;

(7)
he was responsible for ensuring that SBUK conducted appropriate ongoing

monitoring of customer relationships but failed to ensure that it did so;

(8)
he was responsible for ensuring that SBUK conducted appropriate

transaction monitoring but failed to ensure that it did so, in particular

because he was unaware that one of SBUK’s remittance systems was not

being monitored and because resource shortages did not allow sufficient

monitoring to be carried out;

(9)
he was responsible for ensuring that staff identified and reported

suspicious activity but failed to ensure that they did so.

5.6
On the basis of the facts and matters described above, the Authority also

considers that Mr Smith has demonstrated a lack of competence and capability in

performing his roles as MLRO and compliance officer of SBUK. The Authority notes

in particular:

(1)
the Skilled Person identified “systemic” AML failings arising from “a lack of

understanding and implementation of systems and controls throughout the

Bank”. Mr Smith failed to identify these weaknesses until alerted to them

by feedback following the 2014 Visit;

(2)
Mr Smith did not take sufficient steps to address the concerns of the

Authority and the Internal Auditors over SBUK’s AML controls;

(3)
Mr Smith failed to provide SBUK’s board and senior management with

appropriate reports of the concerns of the Authority and the Internal

Auditors; and

(4)
even when Mr Smith identified a “surprising” lack of SARs, he failed, over

the course of several years, to conduct any investigation into the reasons.

5.7
The Authority also considers that, by virtue of the above failings, Mr Smith has

demonstrated a serious lack of competence and capability. As a result, the

Authority considers that he is not a fit and proper person to perform the SMF16

(compliance oversight) and SMF17 (money laundering reporting) senior

management functions and the CF10 (compliance oversight) and CF11 (money

laundering reporting) controlled functions in relation to any regulated activity

carried on by any authorised person, exempt person or exempt professional firm.

6.
SANCTION

Financial penalty

6.1
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of

DEPP. In respect of conduct occurring on or after 6 March 2010, the Authority

applies a five-step framework to determine the appropriate level of financial

penalty. DEPP 6.5B sets out the details of the five-step framework that applies in

respect of financial penalties imposed on individuals in non-market abuse cases.

Step 1: disgorgement

6.2
Pursuant to DEPP 6.5B.1G, at step 1 the Authority seeks to deprive an individual

of the financial benefit derived directly from the breach where it is practicable to

quantify this.

6.3
The Authority has not identified any financial benefit that Mr Smith derived

directly from the breach. The step 1 figure is therefore £0.

Step 2: the seriousness of the breach

6.4
Pursuant to DEPP 6.5B.2G, at step 2 the Authority determines a figure that

reflects the seriousness of the breach. That figure is based on a percentage of the

individual’s relevant income. The individual’s relevant income is the gross amount

of all benefits received by the individual from the employment in connection with

which the breach occurred, and for the period of the breach.

6.5
In deciding on the percentage of the relevant income that forms the basis of the

step 2 figure, the Authority considers the seriousness of the breach and chooses a

percentage between 0% and 40%. This range is divided into five fixed levels

which represent, on a sliding scale, the seriousness of the breach; the more

serious the breach, the higher the level. For penalties imposed on individuals in

non-market abuse cases there are the following five levels:

Level 1 – 0%

Level 2 – 10%

Level 3 – 20%

Level 4 – 30%

Level 5 – 40%

6.6
In assessing the seriousness level, the Authority takes into account various

factors which reflect the impact and nature of the breach, and whether it was

committed deliberately or recklessly. DEPP 6.5B.2G(12) lists factors likely to be

considered ‘level 4 or 5 factors’. Of these, the Authority considers the following

factors to be relevant:

(1)
The breach created a significant risk that financial crime would be

facilitated, occasioned or otherwise occur.

6.7
The following factors have also been considered when assessing the seriousness

of the breach:

(1)
Mr Smith’s breaches resulted in systemic failures of the AML systems and

controls throughout SBUK;

(2)
robust AML controls are extremely important in preventing money

laundering and financial crime. Consequently, breaches of regulatory

requirements are extremely serious;

6.8
Taking all of these factors into account, the Authority considers the seriousness of

the breach to be level 4.

6.9
DEPP 6.5.3G(3) provides that the Authority may decrease the level of penalty

arrived at after applying step 2 of the framework if it considers that the penalty is

disproportionately high for the breach concerned. Notwithstanding the serious and

long-running nature of the breaches, the Authority considers that the level of

penalty would nevertheless be disproportionate if it were not reduced and should

be adjusted.

6.10
In order to achieve a penalty that (at step 2) is proportionate to the breach, the

step 2 figure is therefore reduced to £23,329.

Step 3: mitigating and aggravating factors

6.11
Pursuant to DEPP 6.5B.3G, at step 3 the Authority may increase or decrease the

amount of the financial penalty arrived at after step 2, but not including any

amount to be disgorged as set out in step 1, to take into account factors which

aggravate or mitigate the breach.

6.12
The Authority considers that the following factors aggravate the breach:

(1)
Mr Smith was aware of the 2010 Visit feedback and therefore had

knowledge of the Authority’s concerns in respect of SBUK’s AML and

financial crime systems and controls. In addition the Authority has

previously brought action against a number of firms for AML deficiencies

and has stressed to the industry the importance of compliance with AML

requirements. There was also guidance available to the industry, including

that issued by the JMLSG and by the Authority. The Authority would expect

a competent MLRO to have identified that the Authority had specific

concerns in respect of SBUK’s AML controls and to ensure that it was using

the widely available guidance to determine what actions should be taken to

improve the relevant system and controls.

6.13
Having taken into account this aggravating and mitigating factor, the Authority

considers that the step 2 figure should be increased by 10%.

6.14
Step 3 is therefore £25,662.

Step 4: adjustment for deterrence

6.15
Pursuant to DEPP 6.5B.4G, if the Authority considers the figure arrived at after

step 3 is insufficient to deter the individual who committed the breach, or others,

from committing further or similar breaches, then the Authority may increase the

penalty.

6.16
The Authority considers that the step 3 figure of £25,662 represents a sufficient

deterrent to Mr Smith and others, and so has not increased the penalty at step 4.

6.17
Step 4 is therefore £25,662.

Step 5: settlement discount

6.18
Pursuant to DEPP 6.5B.5G, if the Authority and the individual on whom a penalty

is to be imposed agree the amount of the financial penalty and other terms, DEPP

6.7 provides that the amount of the financial penalty which might otherwise have

been payable will be reduced to reflect the stage at which the Authority and the

individual reached agreement. The settlement discount does not apply to the

disgorgement of any benefit calculated at step 1.

6.19
The Authority and Mr Smith reached agreement at Stage 1 and so a 30% discount

applies to the step 4 figure.

6.20
Step 5 is therefore £17,964. This has been rounded down to £17,900.

6.21
The Authority therefore imposes a total financial penalty of £17,900 on Mr Smith

for breaching Statement of Principle 6 and for being knowingly concerned in

certain aspects of SBUK’s breach of Principle 3.

6.22
The Authority has the power to make prohibition orders in respect of individuals

under section 56 of the Act. The Authority’s approach to exercising these powers

is set out at Chapter 9 of the Enforcement Guide.

6.23
The Authority considers that, by virtue of the above failings, Mr Smith has

demonstrated a serious lack of competence and capability. As a result, the

Authority considers that he is not a fit and proper person to perform the

compliance oversight or money laundering reporting controlled functions and that

a prohibition order should be made.

6.24
Accordingly, the Authority makes a prohibition order, prohibiting Mr Smith from

performing the SMF16 (compliance oversight) and SMF17 (money laundering

reporting) senior management functions and the CF10 (compliance oversight) and

CF11 (money laundering reporting) controlled functions in relation to any

regulated activity carried on by any authorised person, exempt person or exempt

professional firm.

7.
PROCEDURAL MATTERS

Decision maker

7.1
The decision which gave rise to the obligation to give this Notice was made by the

Settlement Decision Makers.

7.2
This Final Notice is given under, and in accordance with, section 390 of the Act.

Manner of and time for payment

7.3
The financial penalty must be paid by Mr Smith to the Authority as follows:

£4,475 by 10 November 2016; a further £4,475 by 10 May 2017; a further

£4,475 by 10 November 2017; and a final £4,475 by 10 May 2018.

If the financial penalty is not paid

7.4
If all or any of the financial penalty is outstanding after any of the due dates for

payment, the Authority may recover the entire amount of the financial penalty not

previously paid as a debt owed by Mr Smith to the Authority.

7.5
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of

information about the matter to which this notice relates. Under those provisions,

the Authority must publish such information about the matter to which this notice

relates as the Authority considers appropriate. The information may be published

in such manner as the Authority considers appropriate. However, the Authority

may not publish information if such publication would, in the opinion of the

Authority, be unfair to Mr Smith or prejudicial to the interests of consumers or

detrimental to the stability of the UK financial system.

7.6
The Authority intends to publish such information about the matter to which this

Final Notice relates as it considers appropriate.

Authority contacts

7.7
For more information concerning this matter generally, contact Kerralie

Wallbridge (direct line: 020 7066 6548) of the Enforcement and Market Oversight

Division of the Authority.

Financial Conduct Authority, Enforcement and Market Oversight Division

30

ANNEX A

This Annex outlines the facts and matters which, in the view of the Authority,

demonstrate the weaknesses in SBUK’s governance and control systems and which

provide evidence that SBUK contravened Principle 3 during the Relevant Period.

SBUK’S GOVERNANCE SYSTEM

1.
Board of directors

1.1
The board failed to act cohesively and effectively during the Relevant Period.

There was a lack of experience and expertise in relation to regulatory and

compliance matters and manifest differences in opinion and approach to

complying with regulatory requirements which affected the board’s ability to

operate effectively as a collective unit.

1.2
The board relied in part upon the knowledge of independent non-executive

directors yet failed to ensure that all their recommendations were effected. For

example, in September 2010, the board’s attention was drawn to “a cultural

mind-set which needed to change” in relation to AML issues. Despite this, and

similar expressions of concern made to the board during the Relevant Period, the

board took insufficient steps to ensure that the importance of AML compliance was

ingrained throughout the business.

1.3
Although the board initially monitored the progress of the Remediation Plan, it

made insufficient enquiry into the effectiveness of the measures taken and, by

March 2011, the Remediation Plan did not feature on the board agenda. This

meant that the board was not able to satisfy itself that the implemented

measures were operating effectively. The board failed to consider, assess,

document and mitigate adequately the risks to which SBUK was exposed,

including that of AML compliance. In 2012, the Internal Auditors drew attention to

a lack of evidence to demonstrate that SBUK had identified and considered the

conduct risks to which it was exposed, that SBUK’s risk register was not reflective

of the risks faced and that there was a lack of any demonstrable link to the tasks

listed in SBUK’s compliance monitoring plan. They recommended that the board

approve a conduct risk appetite statement and that SBUK review its compliance

monitoring plan.

1.4
Despite this, in 2013, the Internal Auditors reported that no conduct risk appetite

had been documented, that the risk register had not been updated and that the

compliance monitoring plan remained insufficiently focussed on high-risk areas.

As a result, SBUK’s board failed to ensure that it was sufficiently sighted of the

risks to which it was exposed, including the risk of being used for money

laundering or other financial crime.

1.5
Further, the board failed to provide effective oversight of senior management

responsible for ensuring systems and controls were robust and routinely accepted

without challenge management assurances on the effectiveness of AML controls.

For example, despite identifying from a report of the Internal Auditors in June

2012 that it was “clear that the management have failed in some areas”, the

Audit Committee accepted the recommendations of senior management and failed

to take steps to ensure that failures were remediated adequately.

1.6
Although the board received regular financial crime reports, it raised insufficient

challenge to the conclusions reached and failed to enquire adequately into the

oversight of the implemented systems.

2.
Senior Management Team

2.1
Following the 2010 Visit, SBUK’s senior management oversaw the Remediation

Plan. The Remediation Plan was accepted as complete in December 2011 without

sufficient testing of its implementation to determine whether the required steps

had been taken or how effective the systems introduced as a result were

operating.

2.2
At no time during the Relevant Period did SBUK’s senior management put in place

a coherent strategy for addressing AML risk. As identified above at paragraph 1.4,

SBUK’s senior management failed to act on the recommendations of the Internal

Auditors to ensure that all risks were identified, assessed and recorded within a

risk register.

2.3
As part of the Remediation Plan, SBUK’s senior management received monthly

Compliance and Financial Crime reports from the MLRO. However, these were

formulaic, provided insufficient analysis on the effectiveness of systems and

controls, failed to highlight particular risks or issues for the immediate attention

of management and were subject to insufficient challenge by the senior

management team.

2.4
The senior management team failed to take responsibility for ensuring that AML

issues were sufficiently prioritised throughout the business. Overall, senior

management was willing to accept assurances that compliant AML systems were

in place without conducting any adequate enquiry as to the effectiveness of these

systems and despite adverse reports from the Internal Auditors.

3.
Internal Audit

3.1
In 2010, as part of the Remediation Plan, SBUK informed the Authority that it had

appointed an external firm to carry out its internal audit functions and that it will

“pay close attention to whether the [AML] procedures are being correctly

followed”.

3.2
On the basis of their work, the Internal Auditors produced regular reports,

relevantly in each of the years 2011 to 2013. The reports identified significant

weaknesses in SBUK’s control systems, some of which related to AML issues.

Several of these are outlined in this Notice.

3.3
Overall, in 2011 the Internal Auditors graded the risks and controls associated

with
SBUK’s
governance
and
regulation
activities
as
‘3’,
indicating

“actual/potential significant implications for SBUK as a whole or as a business

area (say a department)”.

3.4
In both 2012 and 2013, the grading was ‘4’ – the highest grade available,

indicating “actual/potential very serious implications for SBUK”.

3.5
In respect of several failings, the Internal Auditors noted that they persisted in

subsequent years despite the assurances of senior management that they would

be remediated.

3.6
Despite these indicators, between 2011 and 2013, the number of days allocated

by the Internal Auditors to consideration of governance and regulation matters

was reduced from 18 days in 2011 to 8 days by 2013.

3.7
The failure of SBUK’s senior management to react appropriately to the adverse

findings of its own independent Internal Auditors and to improve the control

framework is a clear indicator that senior management was insufficiently focussed

on compliance in general and AML systems in particular.

3.8
As a result, senior management failed to ensure that SBUK fostered a culture

which valued robust adherence to its regulatory responsibilities and allowed a

culture of minimal, or non-compliance to persist throughout the firm.

4.
MLRO function

4.1
The MLRO function was responsible for monitoring and ensuring SBUK’s

compliance with its AML responsibilities. It was therefore important that the MLRO

department was properly equipped with staff who had adequate skills and

experience, and systems which enabled effective monitoring.

4.2
In addition to his role overseeing the AML systems and controls, until 2014, SBUK

required its MLRO: to act as compliance officer; to act as line manager to staff; to

undertake responsibilities for appropriate training; and to undertake some

company secretarial work, including taking, and subsequently typing up, minutes

at board and Audit Committee meetings.

4.3
Having identified in March 2013 that the MLRO function required further staffing,

although steps were taken from the summer of 2013 onwards, SBUK did not

recruit another staff member until January 2014. The lack of adequate resource

during this period adversely affected the monitoring carried out by the MLRO

function: for example, in August 2013, the Internal Auditors noted that only 17

reviews of trade finance files had been carried out, rather than the 75 mandated

by SBUK’s procedures.

4.4
In addition to staffing, SBUK failed to provide the MLRO department with

adequate resources. Despite the MLRO recommending membership of a

commercial crime information service in each of the MLRO reports for 2011 to

2013, SBUK failed to purchase the suggested service or an alternative.

4.5
The MLRO also recommended software enhancements in each of the MLRO reports

for 2011 to 2014 in relation to SWIFT message sanctions screening, which was

implemented in 2015. In 2012 the MLRO recommended that upgrades to

remittance software were required to ensure that transactions were automatically

screened against sanctions lists and this was implemented in the second half of

2014. SBUK failed to implement the necessary upgrades in a timely manner.

4.6
In 2011 SBUK started a project to replace its IT system which would have

provided enhanced AML functionality. SBUK is still working on implementation of

this new system.

4.7
The Authority acknowledges that external factors have been involved in the delay

in implementing the new system. Nevertheless, senior management’s lack of

sufficient focus on AML systems meant that they have not responded adequately

to the delay. Therefore senior management failed to ensure that SBUK was

equipped properly to carry out its functions effectively.

5.
Oversight of branches

5.1
SBUK’s head office was based in London. It operated five additional branches,

providing retail banking and money remittance services to Bangladeshi

communities outside central London.

5.2
Reporting lines from the branches to SBUK’s head office were unclear. While some

visits to branches were made by senior management during the Relevant Period,

these were focused on the administrative operations of the branches and did not

consider compliance with AML processes.

5.3
As a result, AML compliance was not embedded in the reporting lines of branch

staff or management and insufficient ongoing management attention was focused

upon the effectiveness of AML systems within the branches, although half yearly

conferences were conducted for branch managers at which AML issues were

discussed.

5.4
The MLRO reports of 2012, 2013 and 2014 each outlined a recommendation for a

regular program of visits to be conducted by the MLRO to the branches. As a

result of a lack of resources in the MLRO department, these visits did not take

place until after the Authority’s feedback from the 2014 Visit. Despite being

alerted by the MLRO reports for three successive years to the need for branch

visits, SBUK’s senior management took no steps to ensure that they took place.

5.5
Instead, AML oversight of the branches was conducted by the (already under-

resourced) MLRO department’s transaction monitoring and by dealing with ad hoc

queries posed by branch staff. This led to a culture amongst branch staff of

reliance on the MLRO department to ensure that AML monitoring and reviews

were satisfactorily completed.

5.6
When members of the senior management carried out branch visits in April 2014,

SBUK identified a lack of adequate understanding of AML issues among some

branch managers and staff, including unsatisfactory knowledge of CDD, EDD,

customer risk assessments and the circumstances in which a SAR was necessary.

6.
AML policies and procedures

6.1
SBUK maintained the AML Staff Handbook which contained its AML policy and

procedures. It was redrafted following the 2010 Visit with the assistance of

external consultants and subsequently approved by the board on an annual basis.

The AML Staff Handbook was a high level manual that provided insufficient

practical guidance to staff to assist them with carrying out their functions

effectively. Staff were provided with the AML Staff Handbook but were given

limited further documentary guidance on how to follow the AML processes. This

meant that staff were not provided with adequate guidance on how to comply

with SBUK’s AML processes.

6.2
For example, staff were instructed that prior to establishing a relationship or

opening an account, they were required to obtain “sufficient due diligence” but the

guidance did not specify what would be considered as “sufficient”.

6.3
Members of staff were required to obtain evidence of source of funds for cash

remittances of £9,000 and above (reduced to £2,000 and above in January 2014)

but no guidance was provided on what form this evidence should take. This is

despite cash remittances being a key risk area for the business. The lack of

specific guidance in this area led to staff processing very large cash remittance

transactions with little evidence of source of funds. For example, a cash

remittance transaction of £10,000 (a significant sum compared to the income of

the remitter) was processed where the only documented evidence of source of

funds obtained consisted of a withdrawal slip. It does not appear that adequate

consideration was given as to whether this was sufficient in such circumstances,

or whether further information, such as evidence of the activity that generated

the funds, was necessary.

36

6.4
The AML Staff Handbook was at times contradicted by the MLRO Reports. For

example, from January 2012, the AML Staff Handbook provided for SBUK to treat

all new customers as high risk for the first six months. However, the 2012 and

2013 MLRO Reports stated that SBUK’s policy was “not to conduct relationships

with any individual or organisation which it considers to be high risk or engages in

high risk activities, except for correspondent banking relationships”.

6.5
Moreover, the MLRO Reports provided that all account applications for high risk

customers and subsequent reviews were required to be signed off by the senior

management. However, this provision was not set out in the AML Staff Handbook

and consequently was not communicated to staff. It remained unclear for the

duration of the Relevant Period how these policies coincided with the classification

of all new customers as high risk. In practice, the requirement in the MLRO

Reports was not followed: while senior management did sign off some categories

of customer, they did not sign off all high risk customers.

6.6
The first time a customer underwent a considered risk assessment was after the

initial six months when the customer was assessed as low, medium or high risk.

This review was largely limited to a manual paper exercise involving a paper diary

system because, until mid-2013, SBUK databases did not have the capability to

record review dates. This meant that the review after the initial six months was

not always conducted on time.

6.7
The AML Staff Handbook listed a number of factors to be used in making a risk

assessment of an individual customer but provided insufficient guidance on how

these factors interrelated or how staff should use them in an individual case.

Although the AML Staff Handbook required ongoing periodic reviews, it did not

provide details of what information these reviews should consider.

6.8
The AML Staff Handbook set out SBUK’s policy and procedural requirements for

carrying out EDD, but it did not explain adequately what EDD was, and did not

provide staff with guidance on how to carry out EDD.

AML CONTROL SYSTEMS

7.
Customer Due Diligence

7.1
Following the 2010 Visit, the Authority had alerted SBUK to deficiencies in its CDD

processes.

7.2
Despite this, when the Authority examined 16 files during the 2014 Visit, it found

a failure to carry out adequate CDD, including a lack of documented evidence of

the purpose and intended nature of the business relationship and information

relating to the expected turnover or transactional activity. As a consequence,

these files lacked suitable information to assess whether account activity was

consistent with the anticipated activity.

7.3
The Skilled Person found a systemic failure to carry out sufficient CDD. Failings

included scanned documentation which was unclear, out of date identification

documentation, incomplete account opening forms and insufficient information

about expected account activity.

7.4
Following the Skilled Person’s Report, SBUK identified 2,457 live customer

accounts. Each file suffered from a lack of appropriate documentation.

8.
Enhanced Due Diligence

8.1
The ML Regulations require firms to carry out EDD in any situation which can

present a higher risk of money laundering. SBUK’s policies required it to carry out

EDD in respect of all high risk customers. The AML Staff Handbook reflected this

requirement. The classification of all new customers as high risk therefore

required SBUK to conduct EDD on all of these customers. In fact, SBUK routinely

failed to carry out EDD in respect of its new customers, on the basis that they

were not in fact high risk for these purposes.

8.2
The result of this was that SBUK failed to follow its own policies and failed to give

any meaningful consideration to whether the risks of a particular customer

merited carrying out EDD.

9.
Ongoing monitoring

9.1
The MLRO department did not review live customer accounts at all until a review

in 2011. This review found that in most cases the customer information was not

up to date resulting in SBUK writing to 300 customers and requesting

information. These included customers whose account activity involved large cash

transactions or transactions which did not appear consistent with their customer

profile. SBUK did not undertake any subsequent periodic reviews of its customer

38

files and in 2014 approximately 20% of live customer files were still found to be

deficient, demonstrating CDD was still not being carried out properly.

9.2
A sample review of customer files by the Skilled Person found that the reviews

undertaken by the MLRO department after the initial six months was flawed. For

example, the reasons for classifying a customer as high, medium or low risk were

not always documented adequately.

9.3
After the initial six month review, SBUK failed to carry out ongoing monitoring of

customer relationships beyond the monitoring of certain transactions. This meant

that, after the initial six month review, insufficient consideration was given to the

AML risks posed by a particular customer unless he or she completed an

individual transaction which was subject to monitoring. This meant that there was

a risk that customers were not classified appropriately which would have

impacted on the level of due diligence undertaken on customers and the

frequency of monitoring determined. The decision whether to monitor a particular

transaction was generally made by reference to the transaction itself rather than

by any consideration of the risks posed by the customer.

9.4
For example, one customer who was identified by SBUK as PEP, and whose

income had been noted in 2007 as £20,000 per annum, had made a number of

significant cash and cheque deposits. SBUK had failed to consider whether these

deposits were commensurate with his earnings and, accordingly, whether the

account activity posed increased AML risks.

9.5
Until February 2011, SBUK conducted no documented monitoring of transactions.

From February 2011, the MLRO department monitored transactions by reviewing

a series of daily reports which flagged transactions that fell outside pre-set

criteria. Of these, the MLRO department investigated transactions on a sample

basis. The rationale for selecting the sample was unclear and the number of

transactions investigated depended on the resource available.

9.6
SBUK operated two separate systems for money remittances throughout the

Relevant Period. However, the MLRO department was only aware of one of these

systems and only received daily reports in respect of that system. As a result, a

significant number of transactions were not subject to monitoring.

9.7
In 2012, the Internal Auditors recommended that the parameters for the daily

reports be reviewed and that all transactions on the reports should be

investigated. However, SBUK did not follow this recommendation.

9.8
SBUK’s systems were unable to detect linked transactions or transactions from a

number of remitters to a single beneficiary. Moreover, individual branches could

not access the remittance history of a customer from other branches and the

MLRO department could not access remittance histories from branches other than

the Head Office.

9.9
This meant that SBUK failed to assess the overall risks posed by particular

customers. For example, the Skilled Person examined a remittance transaction of

£10,000. When assessing the risk of the transaction and of the customer, SBUK

did not document any considerations regarding the fact that the customer’s stated

income was £28,000 and that, in less than 18 months, he or she had remitted

over £25,000. As a result, the transaction was not considered by SBUK to be

suspicious and no documented assessment of the risk posed by the customer was

made.

10.1
Until 2014, SBUK did not conduct routine screening of its customer list to identify

PEPs. Although checks were carried out in respect of new customers, SBUK failed

to identify some customers who should have been assessed as PEPs. On other

occasions, information which suggested customers were PEPs was discounted

without any documented reasoning. This meant that SBUK risked failing to

appropriately identify PEPs.

10.2
Even when SBUK identified a customer as a PEP, it did not always carry out

adequate EDD. In particular, it failed to establish adequately the source of

particular funds or the source of the customer’s wealth. Even when areas of

concern or adverse information were identified, these were not always sufficiently

considered and the associated risks identified and considered. There was a failure

to document adequately the rationale for the steps taken.

10.3
In one case, SBUK failed to identify that several PEPs sat on the board of one of

its customers and failed to consider publicly available information concerning

corruption investigations involving this customer. As a result, SBUK’s risk

assessment of this customer was seriously deficient.

11.
Suspicious Activity Reporting

11.1
It was the responsibility of SBUK staff members to refer any suspicious activity to

the MLRO by completing a SAR. Throughout the Relevant Period, SBUK staff made

very low levels of SAR submissions. In each of the annual MLRO reports between

2011 and 2014, the MLRO described the lack of SARs referred to him by staff,

particularly in the trade finance part of the business, as “surprising”. Each report

stated that this “may well be attributable to the fact that the vast majority of

counterparties to the LCs [letters of credit] are familiar to the trade Finance staff”.

11.2
Despite this potential indicator that staff were not reporting suspicious activity

appropriately, no adequate investigation of the reasons for the low levels of

submissions was made and SBUK accepted the explanation given as sufficient

without any challenge.

11.3
Following the report of the Skilled Person, SBUK reviewed its customer files and a

sample of its remittance transactions. As a result, an additional 141 SARs were

submitted to the MLRO department in respect of account holders and 102 SARs in

respect of remittance transactions. This is a clear indicator that staff had

previously failed to report suspicious activity appropriately.

12.1
SBUK was notified following the 2010 Visit that its correspondent banking files

contained very poor records. In October 2012, the MLRO identified that the files

were “in a mess”. Although review work was carried out in late 2012, a full review

of correspondent banking relationships was not carried out until December 2013

at which point four relationships with correspondent banks were suspended as a

result of AML issues.

12.2
Even when SBUK identified adverse information about its correspondent banks, it

did not always act upon this in a timely fashion or at all. On occasions, it relied

upon assurances from the correspondent bank that the information was baseless

or failed to provide documented reasons for reaching conclusions on the risks

posed.

12.3
Even when SBUK identified that directors or shareholders of correspondent banks

were PEPs, it failed to record this status on its PEP register.

13.1
Monitoring of trade finance transactions was undertaken by the MLRO

department. While some investigations were carried out, SBUK could not

demonstrate that effective CDD measures were undertaken adequately.

Transactions were approved by the MLRO department with insufficient evidence of

any analysis and reasoning was not documented.

13.2
In 2013, the Internal Auditors identified that the level of monitoring of trade

finance files was not taking place to the extent provided by SBUK’s internal

procedures. This was as a result of a lack of resourcing in the MLRO department.

13.3
The Internal Auditors considered a sample of 35 trade finance files. They

identified an error rate of 83%, including insufficient CDD and a failure to gain

approval from the MLRO in respect of high risk transactions. It was noted that

“high risk” was not defined and a recommendation was made to update the trade

finance manual. SBUK did not follow this recommendation.

14.
Money Service Bureaux

14.1
In October 2013, SBUK agreed to provide banking services for seven money

service bureaux, each of which provided money remittance services. SBUK

provided these services despite identifying various deficiencies in the AML

processes of some of the money service bureaux. These included outdated

process documentation, registration forms which lacked full information or were

not completed, staff with inadequate knowledge and incomplete training records.

14.2
SBUK later terminated the relationships with six of the seven money service

bureaux. It retained the relationship with one on the basis that SBUK was

satisfied that appropriate AML systems and controls were in place.

ANNEX B

RELEVANT STATUTORY AND REGULATORY PROVISIONS

1.
RELEVANT STATUTORY PROVISIONS

1.1
Pursuant to sections 1B and 1D of the Act, one of the Authority’s operational

objectives is protecting and enhancing the integrity of the UK financial system.

1.2
Pursuant to section 66 of the Act, the Authority may take action against a person

if it appears to the Authority that he is guilty of misconduct and the Authority is

satisfied that it is appropriate in all the circumstances to take action against him.

Misconduct includes failing, while an approved person, to comply with a

Statement of Principle issued under section 64 of the Act and being knowingly

concerned in a contravention by the authorised person on whose application the

approval was given.

1.3
The action that may be taken by the Authority pursuant to section 66 of the Act

includes the imposition on the approved person of a penalty of such amount as

the Authority considers appropriate.

1.4
Pursuant to section 56 of the Act, the Authority has the power to make an order

prohibiting an individual from performing a specified function, any function falling

within a specified description or any function in relation to a regulated activity

carried on by an authorised person, exempt person or exempt professional firm if

it appears to the Authority that the individual is not a fit and proper person to

perform such functions.

2.
RELEVANT REGULATORY PROVISIONS

2.1
In exercising its powers to impose a financial penalty the Authority has had

regard to the relevant regulatory provisions published in the Authority’s

Handbook. The main provisions that the Authority considers relevant are set out

below.

The Statements of Principle for Approved Persons (“APER”)

2.2
APER sets out the fundamental obligations of approved persons and sets out

descriptions of conduct, which, in the opinion of the Authority, do not comply with

the relevant Statements of Principle. It also sets out, in certain cases, factors to

be taken into account in determining whether an approved person’s conduct

complies with a Statement of Principle.

2.3
APER 2.1A.3P, which applied from 1 April 2013, sets out Statement of Principle 6

which provides:

“An approved person performing an accountable significant-influence function

must exercise due skill, care and diligence in managing the business of the firm

for which he is responsible in his accountable function.”

2.4
APER 2.1.2P, which applied from 1 December 2001 to 31 March 2013, set out

Statement of Principle 6 which provided:

“An approved person performing a significant influence function must exercise due

skill, care and diligence in managing the business of the firm for which he is

responsible in his controlled function.”

Principles for Business (“Principles”)

2.5
The Principles are a general statement of the fundamental obligations of firms

under the regulatory system and are set out in the Authority’s Handbook.

2.6
Principle 3 provides:

“A firm must take reasonable care to organise and control its affairs responsibly

and effectively, with adequate risk management systems.”

“A firm must deal with its regulators in an open and cooperative way, and must

disclose to the appropriate regulator appropriately anything relating to the firm of

which that regulator would reasonably expect notice.”

2.8
During the Relevant Period, the following rules applied:

Senior Management Arrangements, Systems and Controls (“SYSC”)

2.9
SYSC 6.1.1R provides:

“A firm must establish, implement and maintain adequate policies and procedures

sufficient to ensure compliance of the firm including its managers, employees and

appointed representatives (or where applicable, tied agents) with its obligations

under the regulatory systems and for countering the risk that the firm might be

used to further financial crime.”

2.10
SYSC 6.3.1R provides:

“A firm must ensure that the policies and procedures established under SYSC

6.1.1R include systems and controls that:

(1)
enable it to identify, assess, monitor and manage money laundering risk;

and

(2)
are comprehensive and proportionate to the nature, scale and complexity

of its activities.”

2.11
SYSC 6.3.9R provides:

“A firm (with the exception of a sole trader who has no employees) must:

(1)
appoint an individual as MLRO, with responsibility for oversight of its

compliance with the FCA’s rules on systems and controls against money

laundering; and

(2)
ensure that its MLRO has a level of responsibility and independence within

the firm and access to resources and information sufficient to enable him

to carry out that responsibility.”

2.12
SYSC 6.3.10G provides:

“The job of the MLRO within a firm is to act as the focal point for all activity within

the firm relating to anti-money laundering. The FCA expects that a firm’s MLRO

will be based in the United Kingdom.”

The Fit and Proper test for Approved Persons (“FIT”)

2.13
FIT sets out the criteria for assessing the fitness and propriety of a candidate for a

controlled or designated senior management function. The Authority will consider

these criteria when assessing the continuing fitness and propriety of an approved

person.

2.14
FIT 1.3.1G provides that the Authority will have regard to a number of factors

when assessing the fitness and propriety of a person. By FIT 1.3.1BG, these

include the person’s competence and capability.

2.15
FIT 2.2.1AG provides that, among the factors to which the Authority will have

regard in determining a person’s competence and capability to perform a

controlled function are:

“(1) whether the person satisfies the relevant FCA training and competence

requirements in relation to the controlled function the person performs or is

intended to perform;

(2)
whether the person has demonstrated by experience and training that they

are suitable, or will be suitable if approved, to perform the controlled

function.”

Decision Procedure and Penalties Manual (“DEPP”)

2.16
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the

Authority’s statement of policy with respect to the imposition and amount of

financial penalties under the Act. In particular, DEPP 6.5B sets out the five steps

for penalties imposed on individuals in non-market abuse cases.

2.17
The Enforcement Guide sets out the Authority’s approach to taking disciplinary

action. The Authority’s approach to financial penalties is set out in Chapter 7 of

the Enforcement Guide.

2.18
The Authority’s approach to exercising its powers to make prohibition orders is set

out in Chapter 9 of the Enforcement Guide.

3.
RELEVANT PROVISIONS OF THE MONEY LAUNDERING REGULATIONS

3.1
The ML Regulations provide a series of measures for the purposes of preventing

the use of the financial system for the purposes of money laundering. In

particular, they impose a set of requirements which all firms operating in the

financial system are obliged to follow.

3.2
Regulation 5 (Meaning of customer due diligence measures) of the ML Regulations

defines “customer due diligence measures” as:

(a)
identifying the customer and verifying the customer's identity on the basis

of documents, data or information obtained from a reliable and

independent source;

(b)
identifying, where there is a beneficial owner who is not the customer, the

beneficial owner and taking adequate measures, on a risk-sensitive basis,

to verify his identity so that the relevant person is satisfied that he knows

who the beneficial owner is, including, in the case of a legal person, trust

or similar legal arrangement, measures to understand the ownership and

control structure of the person, trust or arrangement; and

(c)
obtaining information on the purpose and intended nature of the business

relationship.

3.3
Regulation 7(1) to (3) (Application of customer due diligence measures) of the ML

Regulations provides:

(1)
Subject to regulations 9, 10, 12, 13, 14, 16(4) and 17, a relevant person

must apply customer due diligence measures when he—

(a)
establishes a business relationship;

(b)
carries out an occasional transaction;

(c)
suspects money laundering or terrorist financing;

(d)
doubts the veracity or adequacy of documents, data or information

previously obtained for the purposes of identification or verification.

(2)
Subject to regulation 16(4), a relevant person must also apply customer

due diligence measures at other appropriate times to existing customers on

a risk-sensitive basis.

(3)
A relevant person must—

(a)
determine the extent of customer due diligence measures on a risk-

sensitive basis depending on the type of customer, business

relationship, product or transaction; and

(b)
be able to demonstrate to his supervisory authority that the extent

of the measures is appropriate in view of the risks of money

laundering and terrorist financing…

3.4
Regulation 8 (Ongoing monitoring) of the ML Regulations provides:

(1)
A relevant person must conduct ongoing monitoring of a business

relationship.

(2)
“Ongoing monitoring” of a business relationship means—

(a)
scrutiny of transactions undertaken throughout the course of the

relationship (including, where necessary, the source of funds) to

ensure that the transactions are consistent with the relevant

person's knowledge of the customer, his business and risk profile;

and

(b)
keeping the documents, data or information obtained for the

purpose of applying customer due diligence measures up-to-date.

(3)
Regulation 7(3) applies to the duty to conduct ongoing monitoring under

paragraph (1) as it applies to customer due diligence measures.

3.5
Regulation 14 (enhanced customer due diligence and ongoing monitoring) of the

ML Regulations provides:

(1)
A relevant person must apply on a risk-sensitive basis enhanced customer

due diligence measures and enhanced ongoing monitoring—

(a)
in accordance with paragraphs (2) to (4);

(b)
in any other situation which by its nature can present a higher risk

of money laundering or terrorist financing…

(4)
A relevant person who proposes to have a business relationship or carry

out an occasional transaction with a politically exposed person must—

(a)
have approval from senior management for establishing the

business relationship with that person;

(b)
take adequate measures to establish the source of wealth and

source of funds which are involved in the proposed business

relationship or occasional transaction; and

(c)
where the business relationship is entered into, conduct enhanced

ongoing monitoring of the relationship.

(5)
In paragraph (4), “a politically exposed person” means a person who is—

(a)
an individual who is or has, at any time in the preceding year, been

entrusted with a prominent public function by—

(i)
(i)
a state other than the United Kingdom;

(ii)
(ii)
an EU institution; or

(iii)
(iii)
an international body,

including a person who falls in any of the categories listed in

paragraph 4(1)(a) of Schedule 2;

(b)
an immediate family member of a person referred to in sub-

paragraph (a), including a person who falls in any of the categories

listed in paragraph 4(1)(c) of Schedule 2; or

(c)
a known close associate of a person referred to in sub-paragraph

(a), including a person who falls in either of the categories listed in

paragraph 4(1)(d) of Schedule 2.

(6)
For the purpose of deciding whether a person is a known close associate of

a person referred to in paragraph (5)(a), a relevant person need only have

regard to information which is in his possession or is publicly known.

3.6
Regulation 20(1) and (2) (Policies and procedures) of the ML Regulations

provides:

(1)
A relevant person must establish and maintain appropriate and risk-

sensitive policies and procedures relating to—

(a)
customer due diligence measures and ongoing monitoring;

(b)
reporting;

(c)
record-keeping;

(d)
internal control;

(e)
risk assessment and management;

(f)
the monitoring and management of compliance with, and the

internal communication of, such policies and procedures,

in order to prevent activities related to money laundering and terrorist

financing.

(2)
The policies and procedures referred to in paragraph (1) include policies

and procedures—

(a)
which provide for the identification and scrutiny of—

(i)
complex or unusually large transactions;

(ii)
unusual patterns of transactions which have no apparent

economic or visible lawful purpose; and

(iii)
any other activity which the relevant person regards as

particularly likely by its nature to be related to money

laundering or terrorist financing;

(b)
which specify the taking of additional measures, where appropriate,

to prevent the use for money laundering or terrorist financing of

products and transactions which might favour anonymity;

(c)
to determine whether a customer is a politically exposed person;

(d)
under which—

(i)
an individual in the relevant person's organisation is a

nominated officer under Part 7 of the Proceeds of Crime Act

2002 and Part 3 of the Terrorism Act 2000;

(ii)
anyone in the organisation to whom information or other

matter comes in the course of the business as a result of

which he knows or suspects or has reasonable grounds for

knowing or suspecting that a person is engaged in money

laundering or terrorist financing is required to comply with

Part 7 of the Proceeds of Crime Act 2002 or, as the case may

be, Part 3 of the Terrorism Act 2000; and

(iii)
where a disclosure is made to the nominated officer, he must

consider it in the light of any relevant information which is

available to the relevant person and determine whether it

gives rise to knowledge or suspicion or reasonable grounds

for knowledge or suspicion that a person is engaged in

money laundering or terrorist financing.


© regulatorwarnings.com

Regulator Warnings Logo