One of my most over-used phrases in my AML training is “new entrants to the AML family” – when I am explaining that we cannot expect all sectors (e.g. estate agents, art market participants) to be as au fait with their AML obligations as those who have been in the gang since the very beginning. Cast your mind back, if you will (and if you’re old enough…): on 1 April 1994 Bill Clinton was in the White House, John Major was in Number 10, the Church of England had just ordained its first women priests, and the Money Laundering Regulations 1993 came into force, requiring retail banks to put in place procedures designed to prevent and forestall money laundering. A quick count on fingers and toes tells me that this was more that 27 years ago – so plenty of time to get used to it. And yet, and yet…
On 21 May 2021 the Financial Conduct Authority was moved to send a “Dear CEO” letter to the retail banks that it supervises for AML/CFT purposes. It starts with a turn of phrase familiar to everyone who had one of those fierce teachers in primary school: “We are disappointed to continue to identify, across some firms, several common weaknesses in key areas of firms’ financial crime systems and control frameworks.” You can imagine the sad shaking of heads in the board room at FCA Towers. But actually, it’s no laughing matter: how can retail banks STILL be getting it wrong after a quarter of a century? And the failings are so consistent and so persistent that the FCA has set a deadline – 17 September 2021 – by which banks must perform a “gap analysis against each of the common weaknesses… outlined”, ready to be shown to the regulator if requested.
And so what are these failings – presumably they are all at the knottier end of AML, perhaps issues around beneficial ownership and outsourcing, or the corroboration of source of wealth information? Heck no – it’s the basics (as well as the knotties):
- “The quality of the business-wide risk assessments we have reviewed is poor” – incidentally, I note the introduction of the word “wide” to avoid the unfortunate acronym BRA
- “We often identify instances where CDD measures are not adequately performed or recorded.”
- “Firms do not always assess the level of risks posed by a PEP and tailor the extent of their due diligence.”
- “We also find some firms’ transaction monitoring systems are based on arbitrary thresholds, often using ‘off-the-shelf’ calibration provided by the vendor without due consideration of its applicability to the business activities, products or customers of the firm.”
- “Often firms are unable to adequately demonstrate to us their investigation, decision-making processes and rationale for either reporting or not reporting SARs to the National Crime Agency.”
If retail banks are still not getting it right when it comes to risk assessment, CDD, treatment of PEPs, transaction monitoring or suspicion reporting, just what are they getting right? And next time a bank employee says to me during training, “Well, what can you expect when you deal with a law firm/estate agency/casino?” I shall channel my inner Dolores Umbridge and give them a hard stare. (I also have an outer Dolores Umbridge, as I am frequently mistaken for Imelda Staunton. I once got a free gelato in Italy on the strength of it.)
I am on holiday next week and so there will be no blog post. Normal service will resume on Wednesday 8 September 2021.