Executive Dealing with Politically Exposed Persons (PEPs)
Executive Summary The Financial Conduct Authority (FCA) conducted a review of the Firm’s anti-money laundering (AML) systems and controls and produced a report which was critical about the culture within the organisation and the Firm’s general approach to countering the risk that the Firm might be used to facilitate money laundering. The Firm is a private bank and its customer base comes mainly from middle-eastern countries, which are countries considered of high risk. Given the FCA’s report, the Firm’s Money Laundering Reporting Officer (MLRO) has commissioned this internal report to consider the FCA’s findings and to recommend on the next steps that the Firm should take in order to ensure that the Firm sufficient controls in place to mitigate the risk that it might be used to launder money. The findings and recommendations of this report are based on the FCA’s report and discussions with the Firm’s senior managers and relevant members of staff. The firm section has observations made as a result of the FCA report and the discussions held internally. Each observation is followed by a recommendation.
The last section has some additional recommendations which, when implemented, will provide the foundation and support for each of the recommendations made in the observations section. The recommendations of this report have the following objectives: · To ensure the Firm has robust AML systems and controls in place.· To ensure that the Firm’s employees have the relevant skills, knowledge and expertise in relation to anti-money laundering.· To avoid the Firm engaging with criminals who may damage the Firm’s integrity and reputation.· To make sure that the Firm’s senior management are kept informed of the AML risks the Firm is exposed to so they can allocate sufficient resources.
· To make sure that there is a culture of compliance within the Firm implemented from the top, where the integrity and reputation of the Firm, its employees and clients are paramount. The Firm should consider whether there should be independent oversight from independent consultants when implementing the recommendations below. It is recommended that the recommendations from this report are implemented within the next twelve months and that a new internal report is commissioned after the twelve month period to report on the Firm’s progress. Region/ Jurisdiction: UK Observations 1. Dealing with Politically Exposed Persons (PEPs)It has been noted that the Firm had no clear approach to identify and deal with PEPs. Given that the Firm’s core customers come from countries which are considered as high risk of money laundering, without a clear and consistent procedure to identify and monitor PEPs the Firm is exposed to the risk of money laundering. The Firm should consider that without an appropriate system to identify and deal with PEPs, it could be a potential breach of the following rules, which could result in enforcement action: Chapter 2 (35) of the Money Laundering Regulations 2017 – firms must have in place appropriate risk-management systems and procedures to determine whether a customer or the beneficial owner of a customer is – (a) a politically exposed person (a “PEP”); or (b) a family member or a known close associate of a PEP, and to manage the enhanced risks arising from the relevant person’s business relationship or transactions with such a customer.
FCA SYSC 3.2.6R A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime. The Firm should also consider the following enforcement actions which are relevant to having appropriate systems and controls in place to deal with PEPs: November 2015 – FCA fines Barclays £72 million pounds for failing to minimise the risk that it may be used to facilitate financial crime in relation to a transaction with ultra-high net-worth individuals who were PEPs. October 2016 – FCA fines Sonali Bank (UK) Limited over £3 million for a series of failures in its systems and controls, including the failure to apply appropriate enhanced due diligence to customers identified as PEPs.
March 2012 – FSA fines Coutts & Company £8.75 million for poor AML systems and controls. Coutts failed to take reasonable care to establish and maintain effective anti-money laundering systems and controls in relation to their high risk customers, including in relation to customers who are politically exposed persons. RecommendationFirm to implement appropriate procedures for dealing with PEPs. These procedures should include:· Appropriate training to relevant employees which should include: how to recognise a PEP and Associated persons, conducting enhanced due diligence on PEPs and Associated Persons.
Region/ Jurisdiction: UK · Ensure that where a PEP is identified, the final approval to enter in the business relationship should be granted by a senior manager who understands what a PEP is and the risks involved.· Ensure that the account of PEPs and Associated Persons are subject to on-going monitoring. When implementing these procedures, the Firm should consider the FCA publication FG17/6: The treatment of politically exposed persons for anti-money laundering purposes.
The Firm should also consider sections 5.5.13-36 on PEPs in the JMLSG Guidance. 2. Procedures for recognising money laundering and making Suspicious Activity Reports (SARs) It has been noted that staff at the Firm are unclear as to the meaning of ‘knowledge or suspicion’ of money laundering and are unclear about the procedures to be followed in the event of suspicion of money laundering. Lack of knowledge in relation to what money laundering entails, the process of money laundering and its consequences increase the risk of the Firm engaging with customers who are laundering money. The Firm is expected to provide appropriate training to its staff on a periodic basis so that they know how to recognise suspicious activities of money laundering, how to report them through the appropriate channels and their obligations under the Money Laundering Regulations when there is a suspicion. Where there is no appropriate training to staff the Firm could be in breach of the following rules, which could lead to enforcement action: Chapter 2 (24) (1) of the Money Laundering Regulations 2017 A relevant person must— (a) take appropriate measures to ensure that its relevant employees are— (i) made aware of the law relating to money laundering and terrorist financing, and to the requirements of data protection, which are relevant to the implementation of these Regulations; and (ii) regularly given training in how to recognise and deal with transactions and other activities or situations which may be related to money laundering or terrorist financing.
SYSC 6.3.7G A firm should make sure that the systems and controls include (1) appropriate training for its employees in relation to money laundering. Where the Firm has not reported a suspicion (because, for example, employees do not know how to identify it), the Firm could be in breach of the following rules, both related to the reporting of suspicious activity: Part 3 of the Terrorism Act 2000 (terrorist property)(j) (19)Part 7 of the Proceeds of Crime Act 2002 (money laundering)(k) (330) Region/ Jurisdiction: UKRecommendationEnsure that periodic training is be provided to ensure that relevant employees have sufficient skills and knowledge to recognise the potential occurrence of money laundering. Implement a procedure where suspicious of money laundering can be reported. The procedure should ensure that:· Employees know that they must report any suspicious to the MLRO.
· Employees know the importance of not tipping off the client and the consequences if they do.· The MLRO has the skills and knowledge to make an appropriate assessment as to whether the suspicion should be reported to the National Crime Agency (NCA). · The MLRO is aware of how to report to the NCA via the SARs online system. 3. Training The FCA report noted that the AML training provided by the Firm to all staff, including the AML division, consisted of online videos with no assessment, which in the view of the FCA, was not appropriate.
In the publication, Financial Crime: A Guide to Firms Part 1, the FCA reports its findings on the AML reviews it carried out on a number of regulated firms. In the findings in relation to AML training the FCA mentions that it sees as good practice firms that have training that is tailored to the specific role, where there is a strong practical dimension and some form of testing, and that the format of the training must make sure that staff obtain adequate knowledge that is up to date. As example of poor practice, it gives as example firms that failed to identify training needs. The lack of appropriate training has a strong impact on a firm’s systems and controls to prevent money laundering, as the lack of skills and knowledge leads to deficient customer due diligence which can raise the risk of money laundering occurring undetected. Firms are expected to implement systems and controls which are appropriate and proportionate to the scale and size of the business they carry out. Given that the Firm carries out the business of private banking with its core customers coming from high risk jurisdictions, it is very likely that a proper risk assessment would recommend that the Firm implements a training programme which has a very large practical dimension. RecommendationEnsure that there is a training programme in place with periodic training provided to all personnel, no less than once a year or when there is a significant AML development, such as the introduction of a new rule or a new version of a relevant industry guidance is issued. Ensure that, at least for those relevant employees who engage face to face with customers and those who take part on the on-boarding process, training is face to face and it has a practical dimension that is relevant to the business carried out by the firm.
Region/ Jurisdiction: UK Ensure that training is tailored to the Firm’s business and is kept up to date. Ensure that there is a procedure in place to satisfy the Firm’s senior management that employees have understood the topics presented and that they know how to apply them in practice. Ensure that the induction programme of all new members of staff include AML training. 4. Allocation of resources to the Firm’s AML division The FCA report found that in the Firm’s budget for the last three years there has been a decrease in the budget for the AML division, which has had an impact on the effectiveness of the Firm’s AML systems and controls. SYSC 6.
3.9R (2) of the FCA Handbook states that firms must ensure that its MLRO has a level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibility. Where an AML division that does not have sufficient resources, this has a major impact on every aspect of the systems and controls in place and increases the risk of money laundering.
RecommendationThe Firm’s senior managers must ensure that the Firm’s MLRO has sufficient independence, authority and access to resources to fulfil the Firm’s obligations under the Money Laundering Regulations. Additional Recommendations The additional recommendations below are made to support the recommendations made as a result of the observations above. AML Policies and ProceduresThe Firm should carry out a review of all its policies and procedures and ensure these are up to date and adequate given the Firm’s risk profile. After the review, the policies and procedures should be presented to senior management, who should understand and approve the contents. After approval from senior management, the policies and procedures should be circulated to all members of staff, who should acknowledge that they have read and understood the contents. Staff from the AML division and those who have direct client contact should have face to face training in relation to the revised policies and procedures. Region/ Jurisdiction: UKAML Risk AssessmentThe Firm should review its risk assessment at the earliest possible opportunity, and ensure that it considers: · The overall risk that the Firm is exposed to as a result of the risks involved with each individual business relationship· The effectiveness of the Firm’s systems and controls· Prominence should be given to the fact that the Firm’s core customers are from high risk jurisdictions This assessment should be presented and approved by the Firm’s senior managers.
The annual risk assessment should assist the MLRO in informing senior management of the AML risks that the Firm is exposed to and how much resources are required to mitigate these risks. It could also serve as guidance to senior managers when deciding on the budget for the AML division. For guidance in carrying out the assessment, the Firm should consider sections 4.3-5 on risk assessment of the JMLSG Guidance and sections 2 and 3 of the FCA publication Financial Crime: A Guide for Firms Part 1. Industry Guidance Employees involved in the AML division should ensure that they have sufficient knowledge and skills to carry out their duties. This includes being up to date with the latest industry guidance and good practice and how they impact the Firm’s business. Therefore, the Firm should ensure that relevant employees are aware of the relevant sections in the following: JMLSG GuidanceFCA’s Financial Crime: A Guide for Firm’s Part 1 and 2FATF website, including FATF RecommendationsNational Crime Agency website The Firm should ensure that there is a procedure in place where any relevant updates from the sources above are communicated accordingly. Annual MLRO Report and regular management information The Firm should review the last MLRO report at the earliest possible opportunity and ensure that it reflects, with sufficient detail, the deficiencies identified in the FCA report, the findings from the revised AML risk assessment, the recommendations from this report and the proposals that the MLRO think are suitable to address these deficiencies and risks identified.
The revised MLRO report should inform the Firm’s senior managers of the resources required by the AML division. Region/ Jurisdiction: UKInternal monitoring programmeGiven the type of AML risk the Firm is exposed to and the current deficiencies, the Firm should consider implementing an internal monitoring programme to monitor, on a regular basis and no less than quarterly, compliance with the rules on AML and provide the Firm’s senior managers with information on the effectiveness of the Firm’s AML systems and controls. Ideally this monitoring should not be performed by the MLRO. Annual review by external consultants Given the deficiencies identified, the Firm should consider whether it is appropriate to hire external independent consultants to review, at least on an annual basis, the Firm’s AML systems and controls and provide senior management with an independent view of the effectiveness of the Firm’s AML controls.
Enforcement actions The Firm should ensure that there is a procedure to ensure that relevant employees, including senior managers, are kept abreast of relevant enforcement actions which are published by the FCA, FATF and NCA in their websites and what lessons can be learned from them.