An eagle-eyed reader in Guernsey (thanks, Guy) was perusing the FCA’s recent Final Notice on the Bank of Beirut, and spotted this in paragraph 2.8: “The [FCA] therefore imposes on Bank of Beirut: (1) [a fine]; and (2) a restriction for a period of 126 days, in respect of its regulated activities only, that Bank of Beirut may not acquire new customers that are resident or incorporated in high risk jurisdictions. For the purposes of this restriction only, high risk jurisdictions are defined as countries which have a score of 60 or below in Transparency International’s Corruption Perceptions Index.” Whoa, Nelly, as Ms Furtado would say. Is this the FCA determining for us which jurisdictions are high risk (albeit “for the purposes of this restriction only”)?
Now, we went around this block last year, didn’t we? In summer 2014, the FCA suddenly published – and then just as suddenly removed – their own list of high risk jurisdictions. (You can read our deliberations here.) The problems with such an approach are manifold. The FCA is only one of the UK’s regulators – so should the other regulators adopt the same list? And should such a list be published anyway, given that businesses in the regulated sector are told over and over that the risk-based approach – including the determination of high risk jurisdictions – should be undertaken in-house, based on their own exposure to ML/TF risk, and not adopted off-the-shelf? And if the expectation is in fact that all businesses should use the same list of high risk jurisdictions rather than creating their own, then surely that list should be referred to in the legislation, and (given that we do have a fragmented regulatory regime here in the UK) published and maintained by a government agency rather than just one regulator? Do you see me sitting on my high horse, rolling my eyes and smacking my forehead in exasperation? It’s quite an ask, and I may fall off.