Blog: How effective are the FCA’s criminal and civil powers to combat money laundering?
21 Mar 2022
As the Financial Conduct Authority uses its powers of criminal prosecution for the first time in a money laundering case against NatWest, Olivia Dwan, barrister in our Business Crime department, sets out the agency’s civil and criminal powers in a blog.
The Financial Conduct Authority (FCA) has a wide range of civil and criminal powers to crack down on money laundering committed by UK-based individuals and companies working in financial services.
While the agency’s ability to bring civil cases for money laundering is long-established, it was only in March 2021 that the agency brought its first criminal prosecution, against NatWest.
With a fine of over a quarter of a billion pounds, the NatWest case was a significant win for the agency. But how indicative is this case of the agency’s future strategy? How effective are the FCA’s criminal and civil powers? And what action should anyone facing the prospect of an FCA investigation take?
FCA’s powers of criminal prosecution
The FCA gained the power to prosecute alleged money launderers under the Money Laundering Regulations 2007 (MLR 2007).
The Money Laundering Regulations apply to financial institutions, legal professionals and other professionals such as auditors, accountants and credit institutions in the conduct of general business and transactional work. This selection of individuals is known as “relevant persons” within the regulations.
The regulations create a single offence under regulation 45 MLR 2007 of failure to comply with a requirement made by one of the regulations. The offence may be committed where any one of the following eight requirements are not met:
- the requirement to apply due diligence
- the requirement to conduct ongoing monitoring of a business relationship
- the requirement to carry out customer verification
- the requirement to carry out customer due diligence
- the requirement to carry out enhanced due diligence
- the requirement to keep records
- the requirement to maintain appropriate and risk-sensitive policies and procedures
- the requirement for employee training and awareness
The standard defence available for the failure to comply offence can be made out if the relevant person can prove that they took all reasonable steps to follow relevant guidance at the relevant time and exercised all the due diligence possible to avoid committing the offence.
Relevant guidance will include any guidance issued by a supervisory authority such as the FCA, and any guidance approved and published by the Treasury.
If the FCA suspect a relevant person has failed to follow relevant guidance, a formal investigation may begin.
In recent years the FCA has widened its remit beyond chief executives to staff at lower levels. The relevant person is usually notified of an investigation by service of a Notice of Appointment which provides a broad outline of the investigation and the period being investigated. The FCA then begins an evidence gathering exercise by which it recovers documents and conducts interviews. The agency has a wide range of powers to seize and access material in respect of this.
Most cases are open to resolution in both the civil and criminal courts at the evidence gathering stage. However, regulatory investigations can evolve into criminal investigations where the relevant conduct is considered serious, and the monetary remedies and injunctions available in the civil courts are not considered adequate avenues to resolve the case.
If a relevant person is notified of an investigation against them, they must seek specialised legal advice as soon as possible. This is because the position of the individual can be protected at a much earlier stage with the intervention of a lawyer. Decisions made at the outset as to disclosure and potential cooperation can be critical.
The NatWest case
Despite being on the statute book since 2007, it wasn’t until March last year that the FCA announced its first criminal prosecution for breaching Money Laundering Regulations.
The agency alleged that NatWest had failed to properly monitor suspicious activity by its customer Fowler Oldfield, a Bradford-based gold dealer. It alleged that the jeweller, which had been shut down in 2016 after a police investigation, deposited £365m at 50 different branches of the High Street bank over a five-year period. These deposits included £264m in cash, which at one point came into the bank at a rate of £1.8m a day. At least £700,000 was transported to the bank in bin bags.
NatWest pleaded guilty to the charges in December 2021. It was fined £264.7m, ordered to repay £460,000 to cover any financial benefit, and pay legal costs of £4.2m.
Although the facts of this case, and the short period of time between charge and conviction, may give the impression that the NatWest prosecution was a ‘slam dunk’ for the agency, an exchange of letters between the agency and Parliament’s Public Accounts Committee shows it actually took a significant amount of work.
Responding to a question about why it took the FCA five years to bring the prosecution following police investigation, the agency’s CEO Nikhil Rathi said the NatWest probe had taken 30,000 staff hours, had involved compelled interviews with 85 witnesses, forensic reviews of 300,000 documents and 350 separate rounds of legal correspondence.
It could be said that the large fine applied to NatWest as a company would do very little to deter individuals from failing to meet regulatory standards in future. However, there has been undoubtable damage to NatWest’s reputation which may force a culture change within the company and its competitors to ensure no further investigations are brought.
Cases such as this emphasise a clear need for corporates to ensure they keep adequate records of all decision making which could be caught by the regulations such as ‘Know Your Customer’checks, due diligence and protocols relating to beneficial ownership. These are likely to be beneficial should an investigation arise, and may help individuals and firms to cooperate in interviews, or should the worst happen, as mitigation on sentencing.
The FCA’s civil penalty powers
In contrast to its criminal prosecution abilities, the FCA is far more practiced in its use of civil powers to impose fines and censures on firms and individuals under regulations 76(1) and (2) of the MLR.
It has imposed some hefty civil penalties. In June 2020, it issued a fine of £37.8m on Commerzbank London based on ineffective verification of beneficial ownership, particularly whether politically exposed parties were involved in transactions and a lack of protocol for termination of a customer relationship because of a risk of financial crime.
Commerzbank was also sanctioned for “substantial and unjustifiable” backlogs in updated ‘Know Your Customer’ checks. This was exacerbated by a lack of cohesion between paper records and updated digital systems. Interestingly, the FCA found that the updated systems themselves contributed to the continuing backlog.
The Commerzbank case serves the dual purpose of flagging the importance of risk management, but also early engagement with the regulator. The firm benefitted from a 30% discount on its fine owing to cooperation.
A second sanction of £96.6 million was imposed in conjunction with the Prudential Regulation Authority on Goldman Sachs International in relation to the arrangement of bonds for a Malaysian incorporated company which was the subject of serious embezzlement allegations. The deals were arranged by a team based in Asia but they were “booked” in the UK.
The FCA cited three key risk factors; large transactions within a compressed space of time, high risk jurisdictions, and the fact that a closely associated third party had been identified as high risk.
Although a separate committee approved the transactions, the FCA criticised the firm’s reliance on the deal team’s misrepresentations about the risks of the transactions on the basis that the team had an “evident interest” in the deals proceeding. Whilst the FCA acknowledged that the committee may have considered a censored version of events when assessing third party risk, it criticised the committee’s failure to conduct a sufficient standalone assessment.
Here again, cooperation paid dividends. The firm secured a 30% discount on its fine. This penalty demonstrates the emerging threat of a UK branch of a bank being stung by the actions of a branch abroad.
The FCA has been forthright in its warnings to money launderers.
In March 2021 – and shortly before the announcement of the NatWest prosecution – Mark Steward, the FCA’s Executive Director of Enforcement and Market Oversight, delivered a speech in which he warned of the severe consequences for firms who fail to enact ‘purposeful’ anti-money laundering measures.
“Detection, investigation and prosecution, where necessary – either civilly or criminally – of breaches of the Money Laundering Regulations are key priorities for the FCA”, Mr Steward stated.
He went on: “Systems and controls that are purposeful, efficient and courageous in identifying suspicious activity are vitally important.”
At the time of Mr Steward’s speech, the FCA was running 42 separate investigations into allegations of money laundering by firms and individuals.
But in January 2022 the Financial Times reported that figure to be “about 40”, of which two probes were criminal and six were “dual track”.
Where to now?
The FCA’s tough words on money laundering have, in some respects, played out. Mr Steward’s hard-hitting speech in March last year was followed by the spectacular criminal conviction of NatWest.
But the evidence from the FCA suggest that even the NatWest conviction, with its striking evidential matrix, was not ‘easy pickings’ for the agency. It took a lot of investment of time and money from the agency to win the case.
Despite this, there should be no doubt about the FCA’s willingness to prosecute.
Where the criminal standard of proof cannot be met for prosecutions, the FCA may turn back to their typical civil powers to seek monetary redress for failures to comply with the regulations.
Regardless, the penalties applied emphasise the fact that approval of transactions at committee level will not insulate an entire company from liability, and the ever-growing need for watertight systems and controls to be maintained and developed throughout financial institutions.