Commerzbank is the latest bank to be slapped with an AML fine from the FCA for non-compliance.
Finally, after eight long years since the FCA raised its initial concerns, it has fined Commerzbank nearly £38 million for failing to put adequate AML systems and controls in place between October 2012 and September 2017.
Here I share my thoughts on a case that’s really hit home the challenges of overcoming money laundering.
Is £38 million enough to deter non-compliance?
£38 million is a headline-grabbing fine. But is it enough?
The figure includes a 30% discount because the bank agreed to resolve the matter at an “early stage”. It would have otherwise been more than £54 million.
Yet, while the fine is one of the largest issued by the FCA in relation to AML failings, it is also a fraction of the £102 million fine it placed upon Standard Chartered for similar issues in 2019.
The differences in the size of these fines is a separate topic but it’s important to note the regulatory approach in the UK historically has been to not issue substantial fines. Rather the approach is to work with organisations to ensure adequate defences are put into place.
Thus, the FCA sets out to work with financial organisations to get compliance right.
In the case of Commerzbank, a fine was issued only after multiple failed attempts in 2012, 2015 and 2017 to get the bank to rectify its AML weaknesses and failings.
On the basis of the limited information provided by the FCA, it is easy to conclude that between 2012 and 2017 the bank continued business as usual, seemingly undeterred by non-compliance and the very real risk of censure.
Will other banks be deterred by Commerzbank’s fate? Probably not. But perhaps the reputational damage from this crisis will be far more costly than any fine could levy.
Why did the failings continue for so long?
While holding the thought that fines from the FCA may not necessarily be substantial enough to deter non-compliance, another concern is the fact that it took eight years to issue a fine. Hopefully I’m not alone in feeling that eight years is a long time!
Moreover, one can assume this tier 1 bank operated without adequate AML systems and controls for five whole years. Why was this situation allowed to continue? Why was the bank not under greater scrutiny?
FCA Executive Director of Enforcement and Market Oversight, Mark Steward, has acknowledged that “Commerzbank London’s failings over several years created a significant risk that financial and other crime might be undetected.”
That said, the statement from the FCA does not specify whether money laundering or financial crime has occurred. It simply states that Commerzbank London has conducted an extensive “look-back exercise” to identify suspicious transactions.
Should we assume nothing was detected? Or should we question exactly what investigations have been done, and to what extent has the absence of money laundering controls effectively masked financial crime?
No easy solution for systematic failings
The other issue this case spotlights is that it appears all too easy to pacify the FCA. Just telling a regulator you are engaging with an AML software vendor, or you are undertaking internal reviews appears to be enough to satisfy their need to know you are ‘taking action’ to address substandard systems and practices. This will ‘buy’ a few years but often the reality, however, is little to no change is being made.
These multiple systematic regulatory challenges are difficult to resolve. I believe the current regulatory approach to money laundering in the UK is not working as effectively as it could or should.
Moving forward with the right technology…
Issues with preventing money laundering rest not only with the regulator. Commerzbank is yet another bank that’s illustrated how AML systems are only as strong as their weakest link. Many of Commerzbank’s high-risk countries and clients were overlooked, there were customer due diligence checks backlogs, and long-standing weaknesses in its automated tool for monitoring money laundering risk.
Some banks stick with old AML technology mistakenly thinking it’s the ‘safe’ option. The reality is these legacy solutions have been tried, tested and are failing.
…and robust policies and procedures
While it may be difficult to get compliance right, especially for large geographically dispersed banks, it is not impossible. Every compliance programme should start with clearly articulating the firm’s policies and procedures. Defining and communicating your risk appetite and the policies and procedures that support this is crucial to
a) ensure you are in a strong place to detect and prevent money laundering, and
b) ensure you are well placed to defend your organisation should you find yourselves answering to the FCA.
It’s not hard to conclude the current approach to regulatory compliance by both the regulator and banks is failing. UK regulators are arguably too soft with offenders, and it is all too easy to deflect responsibility for systemic failings. When things go wrong, there appears to be little accountability.
The introduction of the Sixth Anti-Money Laundering Directive in December should start to instigate change for the better but the road to overcoming the issues to effectively get a grip on financial crime remains long and bumpy.
To learn more about how Napier can help you transform compliance through the use of technology, please contact us.
Photo by Twitter: @jankolario on Unsplash