FCA’s focus on controls continues unabated | Dechert LLP

The Final Notice against Guaranty Trust Bank (UK) Limited (“GT Bank”) follows on the heels of similar enforcement actions against financial institutions for AML systems and controls breaches, continuing to make good on the FCA’s promise—set out in its 2022—2025 Strategy Plan, Business Plans and in Dear CEO letters (such as the 21 May 2021 Dear CEO Letter relating to “Action needed in response to common control failings identified in anti-money laundering frameworks”)—to focus its attention on the adequacy or otherwise of firms’ financial crime systems and controls, regardless of whether any substantive money laundering has occurred as a result of any weaknesses. This is also discussed in our previous OnPoint on this subject.

It is the latest reminder that the FCA will take enforcement action against those firms that fall below its expectations and standards, including by treating any recidivist misconduct as an aggravating factor. Indeed, in 2013, the FCA fined GT Bank for “serious and systemic” failings and this week’s action is critical of GT Bank’s failure to take adequate steps to bring its financial crime compliance program to the required standard.

Compliance professionals will no doubt be analysing what went wrong at GT Bank. One of the key lessons is the importance of remediation once a firm becomes aware of deficiencies in its financial crime systems and controls. Getting to the root cause of the deficiencies and implementing an effective, timely, and credible remediation plan is the clear differentiator between firms that “get it” and firms that do not, and which may end up facing enforcement. The FCA’s finding that GT Bank’s customer facing teams had a “strong focus” on getting new business and “did not consider key AML tasks […] to be their responsibility” was perhaps a sign of deeper cultural issues and that GT Bank was not “getting it”.

Another important lesson (consistent with other recent FCA actions) is the centrality of adequate resourcing to effective financial crime risk management. The case is an important reminder that relevant financial crime teams should have sufficient resources to carry out, in a timely fashion, their day-to-day tasks as well as any remediation or backlog projects, rather than, as here, borrowing resources from one part of the financial crime function, which could ill afford it, to resource a necessary remediation project.

Aside from that compliance professionals will note the litany of errors that is typical to FCA actions in the financial crime space, including inadequate customer risk assessments and customer due diligence procedures, failure to establish and verify source of funds for high-risk customers, and ineffective transaction monitoring.

In a similar vein, we expect that the FCA will take a keen interest in the effectiveness of the systems and controls that firms have employed to stay on top of the rapidly evolving sanctions landscape. Indeed, in May 2022, the FCA actively encouraged reports to be made to it concerning weaknesses in sanctions controls. Weakness in one area of a firm’s financial crime controls will very often indicate a weakness in another and it is critical that firms consider any read-across in these circumstances.

On the face of it, the absence of any action against individual members of GT Bank’s senior management seems difficult to reconcile with the FCA’s stated aim of increasing individual accountability particularly in view of its finding in this case that GT Bank’s misconduct was “particularly egregious” and that “senior management” had failed to adequately to address GT Bank’s long-running AML deficiencies. However, the absence of action is no cause for complacency—the FCA reportedly has multiple ongoing investigations into individuals for AML failings and will be looking for the right case to bring to highlight the issue of individual accountability for failings of this nature.