For many years, firms believed that all the regulatory tools for financial crime prevention were wielded in the US. Over recent years, while the US enforcement agencies have shown little sign of let-up in their actions, UK laws, and regulatory powers and actions, have gained significantly in their fear factor. Now, some UK laws go further than US laws, and the UK regulators continually press for more resource to enforce as effectively as their US counterparts. With the increase in financial crime offences that span jurisdictions and increased regulatory co-operation, any wrongdoing is likely to face significant punishment.

In this article, Emma Radmore and Stephen Hill, Jr of Dentons look at the key elements of laws, regulatory expectations and enforcement themes in the prevention of money laundering (AML).

UK

Law and Regulation

The UK's laws on AML and terrorist finance are split between several pieces of primary legislation (some of which overlap with sanctions laws) and one set of secondary legislation. For businesses that operate in the regulated sector (including banks and investment banks, broker-dealers, fund and portfolio managers, non-bank lenders and payment services entities), not only do more laws apply, but there is also, at least for those regulated by the Financial Conduct Authority (FCA), a fearsome set of regulatory obligations.

In brief, the UK system is based on:

  • Criminal property - that is, the proceeds of any crime triable on indictment
  • Criminal conduct - the conduct that leads to there being proceeds of crime
  • CDD/EDD - customer due diligence and enhanced due diligence: aimed at knowing who your customer is, what their business is, and mitigating risks associated with it
  • Systems and controls - to ensure the right policies and procedures are in place, calibrated at the right level, and that relevant staff understand and apply them properly and in a risk based manner
  • What FCA wants - often critical, as the major enforcement action against financial institutions for AML failings has come from FCA.

Proceeds of Crime Act 2002 and Terrorism Act 2000

Under these laws, it is, in brief, a criminal offence:

  • to acquire, possess or use, make arrangements regarding, or conceal or transfer the proceeds of criminal conduct or terrorist property: maximum imprisonment for these offences is 14 years and/or an unlimited fine;
  • to fail to report a knowledge or suspicion of money laundering or terrorist finance: this applies differently depending on whether the business is in the regulated sector and, in the case of proceeds of crime, also applies to "nominated officers" (ie persons within firms with responsibility for assessing internal reports and then reporting onwards to the authorities): maximum imprisonment of 5 years and/or an unlimited fine;
  • within the regulated sector, to tip off any person that an investigation is underway or is about to be, if that might prejudice the investigation: maximum imprisonment of 2 years and/or an unlimited fine.
  • it is also an offence to make a disclosure in the wrong form.

Counter-Terrorism Act 2008

Under this Act, it is an offence (punishable with a maximum of 2 years' imprisonment and/or an unlimited fine) for a relevant institution (usually banks) to fail to comply with directions from HM Treasury on conducting EDD when doing business in certain jurisdictions.

Money Laundering Regulations 2007

These Regulations, which apply to the regulated sector, make it an offence, again punishable with up to 2 years' imprisonment and/or an unlimited fine, to fail to have in place policies and procedures on:

  • CDD measures and ongoing monitoring;
  • reporting;
  • record-keeping;
  • internal control;
  • risk assessment and management; and
  • monitoring and management of compliance with, and internal communication of, such policies and procedures,

in order to prevent activities related to money laundering and terrorist financing.

Joint Money Laundering Steering Group (JMLSG) Guidance Notes

The JMLSG is an industry body whose guidance has been endorsed by Treasury. This means that a court must take it into account when assessing compliance (or otherwise) with the law. A firm that chooses not to follow the guidance will need to show its policies and procedures are at least as good as those the JMLSG suggests.

FCA Handbook

FCA's Handbook of Rules and Guidance sets several high level and overarching requirements.

Principle 3: Principle 3 of FCA's Principles for Business requires a firm to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. FCA can take, and has taken, enforcement action on the basis of breach of Principle 3 alone, and in circumstances where there is no evidence a firm has been used for money laundering.

Senior Management Systems and Controls Rules: These rules require a firm to take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime. A firm must ensure its systems and controls: (1) enable it to identify, assess, monitor and manage money laundering risk; and (2) are comprehensive and proportionate to the nature, scale and complexity of its activities.

Financial Crime guide: This guide, known as FC, includes many thematic reviews FCA has carried out (and on the basis of which it has taken enforcement action), and draws good and poor practice conclusions from them. While FC is not endorsed like the JMLSG guidance notes, FCA will take notice of whether a firm has complied with it when considering taking action against a firm. In principle, FC suggests:

  • Governance:
    • there should be senior management involvement with the Money Laundering Reporting Officer (MLRO) report;
    • the Board should get the right Management Information to enable it to assess the risks the firm faces;
    • policies should ensure independent challenge of high risk relationships; and
    • staff reward structures should take into account AML compliance failings
  • MLRO
    • should be independent, knowledgeable, robust and well-resourced, and pose effective challenge to the business where warranted
    • should have a direct reporting line to executive management or the board
    • escalates issues where appropriate
    • has good awareness of high risk areas
  • Assessment of risks of ML
    • a firm should have systems and controls in place to identify, assess and monitor risk.
    • the risk assessment should inform the firm's processes
    • the firm's consideration of risk should include political connections, country risk, source of funds, sector risk, involvement in public contracts.
    • policies should manage the risk of the relationship manager's closeness to clients
  • CDD checks
    • firms should show an understanding of the limitations of electronic sources and should not rely entirely on a single source of information.
    • firms should show an understanding of purpose of transaction and ownership structures
  • Ongoing Monitoring
    • firms must understand the limits of automated programmes
    • there should be a clear strategy for challenging and dealing with the unexpected
    • processes should exist for feeding results into customer risk profile
  • Higher-risk situations: enhanced DD and monitoring
    • all high risk relationships should be checked by the MLRO, and firms should show use of independent internal or external intelligence reports.
    • policies should demonstrate how CDD is different for high risk customers and how EDD information is treated and stored
    • senior management should be involved in approving high risk customers
    • correspondent banks should address the risks this business poses
  • Liaison with Law Enforcement
    • the process for liaising with law enforcement should be clear, and understood by staff
    • SARs should be made through nominated officer
    • firms should have a clear policy on what is reportable
    • procedures should address how to deal with production orders if received
  • Reliance and record keeping
    • policies should address retrievability of documents for production orders
    • firms should have a strategy on sampling records where they rely on others
  • Counter Terrorist Finance
    • firms should be able to show how they have assessed risks
    • it should be clear who is responsible for liaison with authorities
  • Payments
    • firms should have policies on checking payer information
    • processes should address checking respondent information and SWIFT cover messages
    • there should be a policy on sampling inward payments

Enforcement actions

FCA (and its predecessor, the Financial Services Authority) have imposed fines of increasing severity over the past 12 years. Most have been on the regulated entity, and mainly, but not only, banks. In some cases, however, the Money Laundering Reporting Officer (MLRO) has also been fined. Of the more recent fines, it is clear they stem from thematic reviews, as they tend to have the same ultimate failing as their basis. When considering the amounts of the fines, it is important to appreciate both that the fines reflect what a firm (or individual) can actually afford to pay, and that FCA fining rules have changed recently, with the potential for fines to become significantly larger.

  • In 2003, FSA fined what was then the Abbey National £2 million for failings in carrying out CDD in its branches, and delays in reporting suspicions
  • In 2008 FSA fined Syndicatum Ltd, a corporate finance advisory firm, £49,000 and its MLRO £17,500 for poor risk assessment and lack of CDD
  • In 2010 FSA fined Alpari, an FX trading business, £140,000 and its MLRO £14,000 for poor CDD, sanctions and politically exposed persons (PEP) screening and poor training
  • In 2010 FSA fined RBS £6.5 million - the first fine under MLRs for failure of group companies to have in place adequate sanctions screening
  • In 2012 FSA fined Coutts £8.7 million for poor EDD procedures on PEPs
  • In 2012 FSA fined Habib Bank £525,000 and its MLRO £17,500 for reliance on head office policies and procedures without properly considering UK standards, and therefore poor EDD
  • In 2012 FSA fined Turkish Bank £294,000 for poor practices around correspondent banking
  • In 2013 FCA fined EFG Private Bank £4.2 million for having good policies on paper, but which were poor in practice
  • In 2013 FCA fined Guaranty Trust £525,000 for poor PEP DD, risk assessments, sanctions checks and poor or non-existent checks on source of funds
  • In 2014 FCA imposed on Standard Bank a civil penalty of £7.6 million for MLR breach in respect of EDD on PEPs
  • In 2015 FCA fined Bank of Beirut £2.1m, fined its compliance officer and internal auditor £19,600 and £9,900 respectively, and stopped the bank from acquiring new customers from high-risk jurisdictions for 126 days. It found the bank had given it misleading reassurances that it had performed remedial work on its financial crime controls when it had not.

While these amounts pale into insignificance in comparison not only to US fines, but also to FCA fines on banks in relation to the FX scandal, they are still indicative of FCA's continued appetite to take action against those whose practices are poor. Firms ignore thematic reviews at their peril.

US

Law and Regulation

Key Concepts

Source of the asset under review is a critical factor because it can lead to the identification of key individuals and the questionable conduct.

The laws are based on a "gatekeeper strategy" that examines the type of organisation and/or nature of the business conduct.

KYC-CDD (due diligence)

Regulators and the enforcement community will question whether the organization has an effective system and internal controls to detect and deter inappropriate conduct.

The legal and practical benefits of conduct consistent with government guidance.

Laws

  • Bank Secrecy Act 1970:
    • Established requirements for recordkeeping and reporting by private individuals, banks and other financial institutions
    • Designed to help identify the source, volume, and movement of currency and other monetary instruments transported or transmitted into or out of the United States or deposited in financial institutions
    • Required banks to (1) report cash transactions over $10,000 using the Currency Transaction Report; (2) properly identify persons conducting transactions; and (3) maintain a paper trail by keeping appropriate records of financial transactions.
  • Money Laundering Control Act 1986:
    • Established money laundering as a federal crime
    • Prohibited structuring transactions to evade CTR filings
    • Directed banks to establish and maintain procedures to ensure and monitor compliance with the reporting and recordkeeping requirements of the BSA
    • Introduced civil and criminal forfeiture for BSA violations
  • Anti Drug Abuse Act 1988:
    • Expanded the definition of financial institution to include businesses such as car dealers and real estate closing personnel and required them to file reports on large currency transactions
    • Required the verification of identity of purchasers of monetary instruments over $3,000
  • Annunzio-Wylie Anti-Money Laundering Act 1982:
    • Strengthened the sanctions for BSA violations
    • Required Suspicious Activity Reports and eliminated previously used Criminal Referral Forms
    • Required verification and recordkeeping for wire transfers
    • Established the Bank Secrecy Act Advisory Group (BSAAG)
  • Money Laundering Suppression Act 1994:
    • Required banking agencies to review and enhance training, and develop anti-money laundering examination procedures
    • Required banking agencies to review and enhance procedures for referring cases to appropriate law enforcement agencies
    • Streamlined CTR exemption process
    • Required each Money Services Business (MSB) to be registered by an owner or controlling person of the MSB
    • Required every MSB to maintain a list of businesses authorized to act as agents in connection with the financial services offered by the MSB
    • Made operating an unregistered MSB a federal crime
    • Recommended that states adopt uniform laws applicable to MSBs.
  • USA Patriot Act 2001
    • Criminalized the financing of terrorism and augmented the existing BSA framework by strengthening customer identification procedures
    • Prohibited financial institutions from engaging in business with foreign shell banks
    • Required financial institutions to have due diligence procedures (and enhanced due diligence procedures for foreign correspondent and private banking accounts)
    • Improved information sharing between financial institutions and the U.S. government by requiring government-institution information sharing and voluntary information sharing among financial institutions
    • Expanded the anti-money laundering program requirements to all financial institutions
    • Increased civil and criminal penalties for money laundering
    • Provided the Secretary of the Treasury with the authority to impose "special measures" on jurisdictions, institutions, or transactions that are of "primary money laundering concern"
    • Facilitated records access and required banks to respond to regulatory requests for information within 120 hours
    • Required federal banking agencies to consider a bank's AML record when reviewing bank mergers, acquisitions, and other applications for business combinations.
  • BSA Laws and Regulations Statutes
    • 12 USC 1818(s) — "Compliance with Monetary Recordkeeping and Report Requirements" Requires that the appropriate federal banking agencies shall prescribe regulations requiring insured depository institutions to establish and maintain procedures reasonably designed to assure and monitor the compliance of such depository institutions with the requirements of the BSA.
    • In addition, this section requires that each examination of an insured depository institution by the appropriate federal banking agency shall include a review of the procedures, and that the report of examination shall describe any problem with the procedures maintained by the insured depository institution.
    • Sanction for failure to comply: 12 USC 1818(s) — Cease and Desist for Failure to Comply with Monetary Recordkeeping and Report Requirements: If the appropriate federal banking agency determines that an insured depository institution has either 1) failed to establish and maintain procedures that are reasonably designed to assure and monitor the institution's compliance with the BSA; or 2) failed to correct any problem with the procedures that a report of examination or other written supervisory communication identifies as requiring communication to the institution's board of directors or senior management as a matter that must be corrected, the agency shall issue an order requiring such depository institution to cease and desist from the violation of the statute and the regulations prescribed thereunder. Sections 1818(b)(3) and (b)(4) of Title 12 of the USC extend section 1818(s) beyond insured depository institutions.
    • The government will typically allege in a criminal proceeding:
      • Willfully failing to establish and maintain an effective AML program in violation of 31 USC 5318(h).
      • Willfully failing to conduct and maintain due diligence on correspondent bank accounts held on behalf of foreign persons in violation of 31 USC 5318(i).
      • They may allege violations of 18 U.S.C. 1956 (laundering of monetary instruments) or 1957 (engaging in monetary transactions in property derived from specified unlawful activity).
      • These provide for criminal exposure for the illegal act and/or using the proceeds of an illegal act.
      • Statutory sentences up to 20 years.
      • Fines up to the greater of $500,000 or twice the value of the property involved.
      • The government's fallback position may be to seek civil and criminal penalties for regulatory violations.

Regulatory Expectations - the Bank Examiner's Red Flags

Perhaps the best how-to guide for the development of risk assessment policies and procedures is to apply the regulator's own guide to your organisation (http://www.ffiec.gov/bsa_aml_infobase/pages_manual/manual_online.htm). The handbook discusses several key topics, including the government's list of red flags for the following subjects:

  • Customers Who Provide Insufficient or Suspicious Information
  • Efforts to Avoid Reporting or Recordkeeping Requirement
  • Funds Transfers
  • Automated Clearing House Transactions
  • Activity Inconsistent with the Customer's Business
  • Lending Activity
  • Changes in Bank-to-Bank Transactions
  • Cross-Border Financial Institution Transactions
  • Trade Finance
  • Insurance
  • Shell Company Activity
  • Embassy and Foreign Consulate Accounts
  • Employees
  • Other Unusual or Suspicious Customer Activity, for example a customer who frequently exchanges small-dollar denominations for large-dollar denominations
  • Potentially Suspicious Activity that May Indicate Terrorist Financing
  • Potentially Suspicious Activity that May Indicate Terrorist Financing: Funds Transfers
  • Other Transactions That Appear Unusual or Suspicious

Key US enforcement actions

Among representative US enforcement actions with an AML theme, three are particularly noteworthy:

  • In 2015, Oppenheimer & Co Inc was fined $20 million for inadequate policies, procedures, and internal controls reasonably designed to detect and report suspicious securities trading activity.
  • In 2014, JP Morgan was fined $2.05 billion and subject to forfeiture for BSA/AML breaches and failure to report Madoff's conduct.
  • In 2012, HSBC was fined £1.9 billion for AML and sanctions breaches.

This article was first published in Financial Regulation International on April 28, 2015. Co-authored by Emma Radmore and Stephen Hill, Dentons.
