The FCA presented two webinars recently, which I listened in to. One was on managing money laundering and sanctions risk in smaller banks, and the other was on managing bribery and corruption risk on commercial insurance broking.
As many of you may not have had the opportunity to listen to these, I thought I would share with you some of the key points that came out of each.
This first part will focus on the money laundering and sanctions risk webinar.
This review took place to assess how banks had reacted to a previous review carried out under the FSA in 2011 - Banks management of higher money laundering risk situations - as well as to look at sanctions systems and controls in place at smaller banks.
The current review was conducted through a sample of 21 smaller banks, which included 8 wealth management and private banks, 7 wholesale banks and 6 retail banks - 5 of the 21 were included in the 2011 review and were chosen specifically to allow the FCA to assess how they had reacted to that review’s findings.
The latest review focused on areas like governance, culture, MI, risk assessments, due diligence, monitoring, training and sanctions. The following high level findings were noted;
- Some banks implemented effective AML/sanctions controls, with private banks generally operating to a higher standard
- Progress has been made regarding senior management engagement with AML issues
- A third of banks had inadequate AML resources
- Weak staff knowledge of AML and sanctions risk at most banks
The view of the FCA is that although there were signs of improved governance since the 2011 review, six banks still showed serious AML governance issues.
Senior management at a quarter of the banks were unable to articulate their money laundering appetite.
UK branches, or subsidiaries, tended to adopt the same culture as their parent bank. This risk is exacerbated where the UK CEO position is a short term posting from the home country where there is little incentive to ensure good compliant practice.
Most banks sampled were found to regularly produce MI on AML and sanctions issues, although it was felt that the MI could have been more comprehensive. There were variances in how regularly the MI was produced, for example, some banks produced MI annually in line with the MLROs own reporting obligations.
Over half of the banks had not considered the money laundering risks in their business models and relied exclusively on the customer risk assessments being completed. As a result, these banks were unable to assess the risks to which their business was exposed, highlighted in some cases by the MLRO being unable to articulate these risks when being interviewed.
Those who did conduct business wide risk assessments did so to varying standards, and it was found that where a more comprehensive risk assessment was made, there were improved controls and improved customer risk assessments too.
In over three-quarters of the banks there were weaknesses in the customer risk assessment process, for example, some of them relied on a single risk factor, such as country risk or whether the customer was a PEP.
Most of the banks carried out adequate identification and verification of customers, however, more than a quarter failed to obtain sufficient information regarding the nature and intended purpose of the relationship, which would impede their ability to conduct effective ongoing monitoring on these relationships.
Over three-quarters of the banks failed to conduct adequate enhanced due diligence on their high risk relationships, in particular around establishing source of wealth and source of funds information.
Half of the banks relied on identifying large transactions when carrying out further monitoring, and didn’t look at other red flags, such as customers making frequent low value cash deposits that collectively exceeded their stated income.
There were also instances where banks did not carry out periodic reviews of their ongoing relationships or had only recently introduced a periodic review process, which brings into question their ability to manage money laundering risk effectively.
Most banks provided computer-based anti-money laundering training, however, staff members in smaller banks were found to have weaker knowledge in this area than those at larger banks.
Additionally, the level of money laundering and sanctions knowledge in the MLROs at a quarter of the banks was found to be inadequate, for example, some did not understand their legal and regulatory responsibilities or money laundering risks relevant to their bank.
Following the FCA visit in relation to this review, some banks chose to replace their MLROs.
The understanding of the UK sanctions regime was adequate at most banks. Automatic payment screening was common, however, direct debit, cheque and debit card payments were excluded from some of the screening checks taking place.
There was also a lack of oversight of whether sanctions lists were being kept up to date when compliance was not involved, exposing the banks to some risks.
The FCA concluded that most banks were not doing enough to manage money laundering and sanctions risk, however, they were pleased that improvements have been made in areas such as senior management engagement.
Action was taken at six of the banks in the sample through a range of tools including applying business restrictions and appointing a skilled person review (S166) at three of the banks, as well as starting enforcement investigations with two of the banks.
The FCA emphasised some key messages that have come out of this review;
- Senior management engagement on AML and sanctions is essential
- Manage money laundering and sanctions risk as you would manage other key risks, and to do more where the risk is greater
- Use FCA guidance and other publications to improve controls in these areas
If you would like to watch the webinar in full, please follow this link.
I hope you have found the above synopsis of interest, I will be posting part 2 next week, which will cover the managing bribery and corruption risk on commercial insurance broking webinar.