On 19 December 2022, HM Treasury published the "Anti-money laundering ("AML") and countering the financing of terrorism ("CFT"): Supervision Report 2020-22" (the "Report").
The Report summarises the performance of the UK's AML/CFT supervisors between 6 April 2020 and 5 April 2022 (the "Relevant Period"), including the UK Financial Conduct Authority (the "FCA").
The Report brings to light several important and revealing statistics, particularly regarding the approach taken by the FCA to AML supervision and enforcement during the two years most impacted by Covid-19.
Unsurprisingly, Covid-19 and government-imposed restrictions significantly affected the FCA's AML supervisory work in the Relevant Period. The limits on household mixing severely restricted the ability of AML supervisors to carry out onsite visits, and the Report confirms that no onsite AML visits were conducted by the FCA during this two-year period. The Report notes that AML supervisors sought to compensate for the lack of onsite visits with an increased "depth, breadth and intensity" of their desk-based reviews.
Despite the shift from onsite to desk-based supervision during the Relevant Period, FCA supervisory and enforcement action continued and indeed increased by some measures, including the total value of fines imposed and the proportion of firms subjected to review that were found to be "non compliant" and subjected to further action.
At a policy level, the Report found that there continues to be a high-risk of money laundering in financial services, as well as an increased money laundering risk in the cryptoasset ecosystems and notes the conclusion by the Financial Action Task Force ("FATF") that the UK's AML supervisory regime is only "moderately effective".
This e-alert summarises the most important insights contained in the Report concerning the AML supervisory focus and activities of the FCA during the Relevant Period and offers some thoughts on what to expect in these regards from the FCA in 2023 and beyond.
Onsite AML Visits
As noted above, due to social distancing measures, the FCA undertook no onsite visits during the Relevant Period, compared to 30 onsite visits in 2019-20.
Desk Based AML Reviews ("DBRs")
Volume
The lack of onsite visits by the FCA likely explains the significant increase in DBRs, from 147 conducted in 2019-20 to 210 in 2020-21. However, perhaps surprisingly, the number of DBRs then fell significantly in 2021-22, from 210 to 78. No explanation is given for this sudden reduction, although the Report notes that the number of full-time staff working on AML Supervision at the FCA fell from 47 to 40 during the Relevant Period.
Findings of DBRs
The Report identified that 28% of the firms subject to a DBR by the FCA in 2020-21 were deemed "compliant", 65% "generally compliant", and 7% "non-compliant".
Of the firms subject to a DBR in 2021-22, 36% were "compliant", 13% "generally compliant", and 22% "non-compliant", with the remaining 29% "awaiting an outcome" at the time of the Report’s publication.
Analysis
The very significant decrease in the number of DBRs across the Relevant Period and the large proportion of pending outcomes in 2021-22 may suggest resource constraints or a backlog of cases, which may continue to impact the FCA's supervisory work in 2023.
While there was a drop off in the number of DBRs conducted in in 2021-22 (as against the preceding year), a greater proportion of DBRs resulted in formal action, with the FCA taking formal action against 17% of firms subject to a DBR, an increase from 7% in 2020-21.
Interestingly, the increase in formal action in 2021-22 arose despite an apparent shift in focus away from "high-risk" firms. Of the 210 DBRs conducted by the FCA in 2020-21, 181 were conducted on "high-risk" firms, 27 on "medium-risk" firms, and 2 on "low-risk" firms.
By comparison, of the 78 DBRs in 2021-22, 51 were targeted at "high-risk" firms, 7 on "medium-risk" firms, and 20 on "low-risk" firms.
It follows that, whereas 86% of DBRs in 2020-21 were targeted at "high risk" firms, such firms represented only 65% of DBRs in 2021-22.
Additional supervisory measures
MLROs and Approvals
The FCA wrote to 643 firms regarding significant turnover in the firms’ Money Laundering Reporting Officer (MLRO) function over the last three years.
Unsurprisingly, the FCA continued to use its Approvals process as a means to assess and test AML compliance. During the Relevant Period, the FCA received 368 and 270 applications for AML supervision, in 2020-21 and 2021-22 respectively, and approved only 111 and 211 of these.
Firms making Applications to the FCA (including for MLRO approvals) should be aware of the height of the bar that the FCA expects firms and candidates to meet.
New and current investigations
The Report reveals that the FCA opened 201 cases related to financial crime during the Relevant Period.
The Report also confirms that the FCA currently has 38 AML investigations open, and 75 open investigations into suspicions of insider dealing, as part of their agenda to promote clear and fair markets. The FCA submitted over 650 Suspicious Activity Reports ("SARs") to the National Crime Agency during the Relevant Period.
What counts as an "investigation" for these purposes is not clear. Whether statutory notices have been issued (Notices of Appointment of Investigators) in all the cases comprised in the headline figures is not revealed.
Nevertheless, taken at face value, the figures for new and current financial crime investigations do suggest an ongoing appetite at the FCA to use investigative and enforcement tools to combat financial crime.
Enforcement
Across the Relevant Period, the FCA issued seven fines under the MLRs and FSMA, totalling over £500m (compared with no fines in the year 6 April 2019 to 5 April 2020).
Although not detailed in the Report, it can be established – with reference to the detailed figures given in the Report – that those seven fines are those set out below:
|
Name
|
Fine
|
Date
|
|
Commerzbank AG
|
£37.8 million
|
3 July 2020
|
|
Goldman Sachs International
|
£48.3 million
|
22 October 2020
|
|
Credit Suisse
|
£147.1 million
|
19 October 2021
|
|
Sunrise Brokers LLP
|
£642,400
|
12 November 2021
|
|
National Westminster Bank Plc (NatWest)
|
£264.8 million
|
13 December 2021
|
|
HSBC Bank Plc
|
£63.9 million
|
17 December 2021
|
|
Sapien Capital Ltd
|
£178,000
|
6 May 2021
|
During the 2021-22 reporting period, the FCA brought its first criminal prosecution of a regulated firm under the MLRs, charging NatWest with three offences in connection with its failure to properly monitor the activity of a commercial customer (and securing a conviction).
AML Enforcement has kept pace, or even accelerated since April 2022, when measured against outcomes. Since that time, the FCA has issued a significant number of Notices and financial penalties, including two already in 2023:
|
Name
|
Fine
|
Date
|
|
Ghana International Bank Plc
|
£5.8 million
|
2 June 2022
|
|
The TJM Partnership Ltd
|
£2 million
|
15 July 2022
|
|
Gatehouse Bank Plc
|
£1.5 million
|
14 October 2022
|
|
Santander UK Plc
|
£107.7 million
|
9 December 2022
|
|
Guaranty Trust Bank (UK) Ltd
|
£7.6 million
|
10 January 2023
|
|
Al Rayan Bank plc
|
£4 million
|
11 January 2023
|
What to look out for in 2023
"Focused Supervisory Interventions" – a focus on the most common breaches?
The FCA is likely to continue to focus investigative and enforcement recourses on AML breaches in 2023 and beyond and – in particular – as part of what it calls "Focused Supervisory Interventions", in cases similar to those it has identified for enforcement action to date.
The most frequent AML breaches occurring across the FCA Notices issued in the Relevant Period (and from July 2022 to date) were:
- Inadequate customer due diligence (CDD) procedures
- Inadequate enhanced due diligence (EDD), specifically in relation to Politically Exposed Persons (PEPs)
- Inadequate client risk assessments
- Inadequate firm-wide risk assessments
- Inadequate training of staff responsible for AML supervision
- Inadequate documentation of risk-assessments and measures taken to monitor risk
- Inadequate policies, controls, and procedures
- Inadequate understanding of risk, both firm-wide and for individual customers
The prevalence of these issues in published FCA enforcement cases provides a clear signal as to the types of breaches it might look for, and in respect of which it might consider enforcement action.
Firms can use this list as a prompt to consider how AML systems and controls (and the individuals responsible for the same) are performing; whether such systems remain effective in light of emerging risks or business changes; and whether senior management can be shown to have sufficient visibility of and engagement with AML data and any issues.
Data led Supervision
A clear theme emerging from the Report is the FCA's increasing use of data to proactively identify and target particular issues and firms for supervisory attention.
Financial Crime data returns ("REP-CRIM"), whistle-blower intelligence, SARs and notifications (under SUP 15, including Forms C, D and E, and Principle 11) will be utilised to assist the FCA in determining where and how to focus attention and commit resources.
Firms should be aware that data returns and notifications to the FCA are being and will continue to be used by the FCA in this way and should pay ever greater attention to the accuracy and quality of communications to and with their regulator.
Sanctions
Since February 2022, the FCA has diverted resources to mitigate the risks arising from the Russian invasion of Ukraine and subsequent sanctions.
The FCA sent direct communications to over 10,000 higher risk (from a sanctions evasion viewpoint) regulated firms. It has also conducted work on developing supervisory processes to assess firms' systems and controls around sanctions. A sanctions screening tool has also been rolled out, to test the effectiveness of firms' sanction screening systems.
In 2021/22, the wider supervisory teams, outside the dedicated financial crime supervision teams, opened an additional 87 cases in relation to financial sanctions.
It is likely that the FCA will continue to consider sanctions as a significant area of interest in 2023.
Cryptocurrency
In January 2020, the FCA became the AML supervisor for cryptoasset businesses, such as exchanges and custodian wallet providers, that are active in the UK.
Since then, the FCA has introduced a robust assessment process at the registration gateway that has led to almost 90% of firms withdrawing their applications or being rejected by the FCA, due to significant weaknesses.
In 2021/22 the wider supervisory teams, outside the dedicated financial crime supervision teams, opened an additional 147 cases in relation to cryptoassets as part of the registration process. However, the FCA did not take any other enforcement action against cryptofirms for money laundering in 2022.
It is likely that the FCA will continue to consider cryptoassets as a significant area of interest in 2023, especially given the high-profile, wide-reaching, crypto collapses in 2022.