Financial crime prevention is a perennial hot topic for UK regulators and enforcement agencies, and therefore also for firms. In 2015 however, both national and international authorities surpassed themselves, providing much food for thought for UK businesses. In this article, Emma Radmore of Dentons looks at the key developments affecting the UK in the prevention of financial crime and regulatory expectations relating to it.
Serious Crimes Act 2015 – protection for SARs reporters
The Serious Crime Act 2015 introduced a new provision to the Proceeds of Crime Act 2002, to provide protection for those who report suspicions of money laundering. The law now clarifies that, where an authorised disclosure is made in good faith, no civil liability arises in respect of the disclosure on the part of the person by or on whose behalf it is made. The provision took effect on 1 June.
No extension of "failure to prevent"
The Ministry of Justice stated during Parliamentary questions that it will not be bringing forward a new offence of a corporate failure to prevent economic crime and the rules on establishing corporate criminal liability more widely. It says this is because there have been no prosecutions under the model Bribery Act offence and there is little evidence of corporate economic wrongdoing going unpunished.
After many years in deliberation, the fourth Money Laundering Directive (MLD 4) and revised Funds Transfer Regulation were adopted and published in the EU's Official Journal. They take effect in June 2017. The new measures address failings in their predecessors as well as new risks. Many articles have been written on MLD4 and the changes Member States will need to make to their laws, and the consequent changes affected firms will need to make to their procedures. Key changes include:
- clarification on what is a "beneficial owner", and the new, separate, requirements for entities to provide information on their beneficial ownership in a national central register;
- expansion and clarification on what is a politically exposed person (PEP) and on expectations of "obliged entities" when carrying out appropriate customer due diligence (CDD) on them;
- specific obligations on senior management of "obliged entities";
- requirements on the European Commission and Member States to assess and report on the risks of money laundering and terrorist financing, and for national requirements to take account of EU level assessments;
- increased focus on obliged entities having policies that are appropriate across their branches and subsidiaries;
- the obligation on Member States to impose minimum administrative sanctions for breach of requirements (with freedom to impose criminal and greater administrative sanctions); and
- the requirement for the European Supervisory Authorities to set guidelines on risk factors and supervision, which, as appropriate, Member States and obliged entities must follow.
Government publishes PSC Register requirements
The Department for Business, Innovation and Skills has made the legislation introducing the people with significant control (PSC) register (in advance of the MLD4 requirement to do so). Companies, limited liability partnerships and Societas Europaea will be required to hold a PSC register from 6 April 2016.
Covered entities will need to send the information to Companies House with their confirmation statement (which replaces the annual return) or on incorporation from 30 June 2016 onwards. The registrar will maintain the PSC information in a central public register. This will mean that the central register will contain a full set of data on all UK companies in scope by July 2017. Companies House will make PSC information publicly available for free in a central PSC register. Treasury has now made Regulations that it intends to lay before Parliament in January 2016, and at that time also to publish guidance. The regulations will cover exemptions from the requirement to register, ownership information required, fees for registration, penalties and protection and disclosure of information. The government accepts it will need to refine the PSC register further to comply with the requirements of the fourth Money Laundering Directive.
Bribery Act prosecutions – the first DPA
Our round up of key events from 2015 (see Financial Regulation International December 2015) summarised the facts that led to the first deferred prosecution agreement (DPA) being agreed between the Serious Fraud Office (SFO) and a UK entity (the then Standard Bank plc). As we reported in that summary, Standard Bank was joint lead arranger, with a Tanzanian sister company, on a fund-raising for the Tanzanian government, and its sister company became involved in bribery with an agent it appointed.
No-one in the UK entity appreciated the need to carry out due diligence on the agent, nor to act on the red flag indications it had noted. SFO and the relevant judge agreed there was no prospect of Standard Bank claiming it had adequate procedures, and that it had therefore breached s7 Bribery Act.
SFO said that the case had proved where the "high bar" for co-operation could be. SFO had previously indicated that in order for it to consider a DPA might be appropriate there would need to be a high degree of willingness to co-operate and that this should prove to be the case in fact. SFO advised any company considering this route should take note that, although "adequate procedures" were not discussed in this particular case, the important thing is to view facts as they occur. Regardless of what any procedures might say, if a red flag seems obvious, it should be treated as such. The judge's comments on how Standard Bank had acted once it became aware of the problem were also of key importance. SFO has suggested its conduct was a prime reason for SFO deciding a DPA was appropriate, and stressed it will not be planning to make most corporate actions DPA arrangements. It will use DPAs only when a narrow set of specific factors suggest it is the best route.
While we still await the first prosecution or DPA that analyses whether procedures were "adequate" for the purposes of the defence to the failure to prevent offence, this case is the first illustration of how DPAs are likely to operate in future. However, in a speech, SFO had indicated there would be another DPA before the end of 2015. This has not materialised, but maybe the next one is close.
FCA fines and restricts Bank of Beirut for misleading it
The Financial Conduct Authority (FCA) has fined Bank of Beirut (UK) Ltd £2.1 million for breach of Principle 11, fined its former compliance officer £19,600 and its internal auditor £9,900, and stopped the bank from acquiring new customers from high-risk jurisdictions for 126 days. It found the bank had repeatedly provided FCA with misleading information after FCA told it to address concerns regarding its financial crime systems and controls. It found the two approved persons, who it appreciated were under the influence of senior management, had not been open and honest in answering FCA's requests. It said they should have challenged senior management. FCA had required the bank to put in place a remediation plan when it found the bank's culture meant it gave insufficient attention to risk and regulation despite the high risk that it might be used for financial crime. The bank failed fully to implement the plan but told FCA it had done so.
FCA fines Barclays for AML failings
FCA has fined Barclays Bank (Barclays) £72,069,400 for failing to minimise the risk of being used to facilitate financial crime. Barclays arranged and executed a £1.9 billion transaction which involved several ultra high net worth PEPs who were the beneficiaries of a trust in which proceeds of investments were held. The customers and the transaction should have been subject to enhanced levels of monitoring and due diligence by the bank. FCA stressed that it had found no evidence of financial crime, but said the circumstances of the transaction indicated a higher level of risk and yet Barclays applied a lower level of due diligence than its policies required. Barclays agreed to keep details of the transaction strictly confidential and agreed to indemnify the clients up to £37.7 million in the event that it failed to comply with these confidentiality restrictions. As a result, Barclays decided its normal procedures for dealing with PEPs were not appropriate for the relationship and restricted the numbers of staff involved in it. FCA found Barclays had breached Principle 2 by failing to conduct its business with due skill, care and diligence. Specifically:
- front office senior management did not properly oversee handling of the risks. It was unclear who had responsibility and those who approved the relationship understood neither the risks involved nor the purpose of their approval;
- despite having classified the clients as "sensitive PEPs", the bank did not respond to several features of the relationship that indicated higher risks of financial crime;
- it did not follow its standard procedures, and in fact followed a less robust process than it would normally have done with lower risk business. For example, it did not ask clients for information so as not to inconvenience them;
- there were insufficient checks on the purpose of the relationship and source of funds. The bank did not ask questions when funds received were not identified as respected, and did not query instances where its requests for information were refused;
- it did not monitor risks on an ongoing basis; and
- it failed to keep adequate records of the due diligence it carried out.
The fine comprises the whole of Barclays' revenue from the transaction as well as a penalty of £28,242,000 (discounted by 30% for early settlement) and is the largest fine imposed by FCA for financial crime failings.
Government and Regulatory Initiatives
Members of the Government, the National Crime Agency (NCA), Bank of England, FCA and City of London Police launched the Joint Money Laundering Intelligence Taskforce, developed by the Home Office, NCA, CoLP, British Bankers' Association and other financial institutions. They have established the Financial Sector Forum, which meets three times a year and aims to make the UK's financial sector a more hostile environment for criminal activity, build international cooperation and help to recover the proceeds of crime.
Home Office calls for evidence on SARs regime
The Home Office issued a call for evidence seeking views on the SARs regime as part of the UK's Anti-Corruption plan. It asked for views, in relation to both money laundering and terrorist finance suspicion reporting, on how to:
- improve the regime;
- develop ways of better identifying money laundering and terrorist financing;
- streamline the reporting process; and
- prevent the abuse of the UK financial system by criminals and terrorists.
Bribery and Corruption Enforcement Review
The second phase of the UK's Bribery and Corruption Enforcement Review completed in June, including a report on the role of the various enforcement agencies and an analysis of threats.
Treasury publishes AML report
The AML and counter terrorist finance (CTF) supervision report for 2013-14 highlighted the Government's concerns over the increasingly "broad brush and disproportionate" implementation of banks' legal and regulatory requirements in this area, specifically in terms of extreme derisking policies and treatment of PEPs. It criticises the perception that supervisors expect "zero failure" and says this is not the case - supervisors expect to see a risk-based approach that understands and mitigates risks in a proportionate manner. The paper addresses the challenges of Financial Action Task Force (FATF) expectations and preparations for implementation of MLD4. It also looks at how supervisors are to prove effectiveness of their techniques. It focuses on several case studies showing how different supervisors have tackled their responsibilities. Throughout the year, as usual, Treasury has updated its AML advisories following FATF announcements.
Treasury launches "red tape" consultation
Treasury launched a review designed to improve the effectiveness of AMLF/CTF rules. The review forms part of Treasury's aim to save businesses money by cutting the "red tape" of burdensome but ineffective regulation. It has called for evidence on several aspects of the UK's laws and guidance, including:
- the effectiveness and proportionality of the supervisors' approach to supervision and enforcement;
- how and where businesses access information about their compliance, and how effective and proportionate available guidance is (such as FCA and the Joint Money Laundering Steering Group);
- evidence of over-implementation;
- whether self-regulation supports an effective and proportionate AML/CTF regime;
- examples of good practice by supervisors to support business compliance; and
- evidence of the supervisory regimes in other countries that the UK could benefit from, or that impacts on UK businesses.
The review does not cover the SARs regime, which the Home Office is reviewing (see above). Treasury asked for comments by the end of October.
Treasury publishes ML NRA
Treasury released its first national risk assessment (NRA) on the domestic risks of money laundering and terrorist financing within the regulated sector. This includes the risks associated with cash, new payment methods and UK legal entities and arrangements. It also covers the international risks to the UK from money flowing into and out of the country. The objective of the NRA is to better understand the risks involved, inform the efficient allocation of resources and mitigate those risks. Key findings include:
- UK law enforcement agencies have the most knowledge about cash-based money laundering but intelligence of other money laundering patterns is patchy;
- the size and complexity of the UK financial sector mean it is more exposed to criminality than those in many other countries;
- the effectiveness of the supervisory regime in the UK is inconsistent;
- the law enforcement response to money laundering has been weak for an extended period of time; and that
- last year over 350,000 SARs were filed with the UK Financial Intelligence Unit (UKFIU), the vast majority of those being submitted by the financial sector.
The next steps for the action plan are:
- to plug intelligence gaps, particularly those associated with "high end" money laundering through the financial and professional services sectors;
- to enhance law enforcement responses to the most serious threats;
- to reform the SARs regime, and upgrade the capabilities of UKFIU; and
- to address the inconsistencies in the supervisory regime that have been identified through the NRA.
SFO speaks on co-operation
SFO has made several speeches, before and after the announcement of the Standard Bank DPA, looking at SFO's initiatives, approach and on how firms should co-operate with SFO. The key messages (which also came out of the DPA) are:
- in principle, SFO is more likely to consider a DPA if a firm comes to it, rather than if SFO discovers the firm's failings – even if the firm has put everything right;
- firms should probably go to SFO sooner than they think. They should not usually wait until they have finished their investigations; and
- once firms have come to SFO, SFO will seek to be commercial and cooperative in how the investigation progresses.
Transparency International recommends AML overhaul
Transparency International has reported on weaknesses in the supervision of the UK's AML rules. It recommends a radical overhaul of the AML system and lists the existing system's weaknesses as being poor oversight, a lack of transparency, ineffective sanctions and questionable independence. It claims that no sector supervisor in the UK is providing a proportionate and credible deterrent to those who engage in complicit or wilful money laundering. The key vulnerability of the financial services sector is evidenced by a third of banks dismissing serious allegations of money laundering regarding their customers without adequate review. Alongside overhaul of the AML system, Transparency International recommends increasing levels of enforcement against money laundering and providing better information about money laundering risks to the private sector.
FCA looks at de-risking
A new page on FCA's website considers the trend for banks to de-risk by citing money laundering concerns as reasons not to do business with generic types of customer. FCA says that, generally, banks should consider their position on a case by case basis and that it would not normally expect them to refuse business on the basis solely of compliance with AML legislation. It acknowledges the decision to accept or maintain a business relationship is ultimately a commercial one for the bank but says it will now consider during its AML work whether firms' de-risking strategies give rise to consumer protection and/or competition issues. FCA has further affirmed its support for FATF's stance on derisking.
FCA updates on FC guidance
FCA has updated its Financial Crime (FC) guidance, despite concerns that it should make few changes before the MLD4 is implemented. The main changes relate to:
- how FCA expects firms to establish source of wealth and source of funds; and
- arrangements intermediaries should make in respect of oversight and management of third-party introducers and other intermediaries.
FCA speaks on AML
FCA spoke on the future of AML regulations, focusing on:
- the requirements of MLD4 and what it will mean for firms. FCA noted some controversial issues which Treasury's forthcoming consultation on implementation will address, such as what MLD4 means by its requirement to "screen" employees and how UK laws will change to meet the MLD4 requirements on domestic PEPs. It also noted the importance of the finalised guidance at EU level being right, as national regulators will have to comply with it;
- FCA's proposal for a new data return on financial crime, and how FCA hopes the information firms give it will help it meet its duties to prevent financial crime and to assess which firms it needs to monitor most closely. FCA intends this form to help it gather information from firms about their customers, areas of business, the resources they allocate to tackling financial crime, the number of suspicious activity reports they file, sanctions and asset freezes and the firm's views on fraud. It plans to use the data to conduct proactive trend analysis. The new forms will apply to all firms subject to the Money Laundering Regulations and some general insurers, Lloyd's managing agents and certain credit unions and friendly societies;
- the Senior Managers Regime and how the obligation to give a senior manager explicit responsibility for overseeing a firm's efforts to tackle financial crime sits alongside the Money Laundering Reporting Officer (MLRO). The MLRO may also be the individual with overall responsibility for ensuring the firm meets its overall financial crime responsibilities, but need not be;
- the problem of "derisking", and how FCA needs to understand why banks are using AML measures as a reason to apply wholesale derisking;
- innovation and use of technology in AML compliance;
- international efforts; and
Previously published by Financial Regulation International
Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.