Anti-money laundering and the prevention of financial crime continues to be a key focus for the FCA, which reiterated in its most recent Business Plan its commitment to continue to use its enforcement powers to pursue those committing financial crime and their enablers. According to the notice published on 23 June 2022, the FCA has decided to fine Ghana International Bank Plc (GIB) approximately £5.8 million for a number of breaches of the Money Laundering Regulations 2007 (MLR 2007) arising from deficiencies in GIB’s anti-money laundering (AML) and counter-terrorist financing (CTF) controls over its correspondent banking activities between 2012 and 2016. The notice indicates that GIB and the FCA reached agreement on all relevant facts and all issues as to whether those facts constitute breaches (and GIB obtained a settlement discount of 30%), but GIB could still make a referral to the Upper Tribunal in respect of the penalty.
Correspondent banking generally refers to the provision of banking related services by one bank (known as the “correspondent”) to an overseas bank (known as the “respondent”), which enables the respondent to provide its own customers with cross border products and services that it cannot provide itself, typically due to the respondent not having the necessary international network.
The FCA found that, for five years between 1 January 2012 and 31 December 2016 (the Relevant Period), GIB did not adequately perform the checks required by the MLR 2007 when it established relationships with overseas respondent banks and failed to demonstrate that it had assessed those banks’ AML controls, and neither did it conduct adequate enhanced ongoing monitoring of those banks. In addition, the FCA found that GIB failed to establish, maintain and communicate appropriate and risk sensitive policies and procedures in relation to correspondent banking despite the higher risk of financial crime posed by its relationships with respondents from non-EEA countries.
As a result of concerns identified by the FCA in December 2016, GIB agreed to a voluntary business restriction preventing it from onboarding new customers (which remains in place) and a skilled person was appointed to assist GIB in improving its financial crime controls and remediating its correspondent banking files.
Deficiencies in GIB’s AML controls
The FCA found deficiencies in GIB’s AML controls in three areas.
- Deficiencies in policies and procedures
Although GIB had a number of policies and procedures applicable to its correspondent banking business in place throughout the Relevant Period, the FCA found that those relied on by GIB staff to onboard and monitor respondent banks were fragmented, confusing and overlapping, leaving it unclear to staff which policies should be followed. Furthermore, the FCA found that these policies and procedures were vague and lacked sufficient detail with the result that staff undertaking enhanced due diligence (EDD) and ongoing monitoring could not adequately fulfil their roles in assisting GIB in preventing money laundering and financial crime. For example, some of the policies did not provide sufficient detail as to the practical steps to be taken in conducting EDD or transaction monitoring, such that staff were left to interpret these policies themselves. The FCA also found that GIB failed to establish and maintain an appropriate training process in relation to the internal communication of its policies and procedures and that the AML e-learning it provided was overly generic such that it would not have addressed the AML risks specific to GIB’s business.
- Deficiencies in due diligence
During the Relevant Period, GIB commenced correspondent banking relationships with 14 new respondents, all of which were based in non-EEA countries. The FCA found that, as a result of GIB’s failure to establish an appropriate procedure which explained to staff how they should conduct due diligence on proposed respondents, there were deficiencies in the due diligence obtained in respect of all 14 respondents. These included failures to obtain sufficient information about the purpose and intended nature of business of the respondents and failures to conduct reputation checks on respondents. The FCA also found that GIB consistently failed to obtain senior management approval before establishing a new business relationship with respondents and did not document the respective responsibilities of the correspondent and respondent.
GIB’s failure to conduct adequate levels of due diligence meant that these correspondent banking relationships were established in circumstances where GIB did not understand and had not fully assessed the money laundering risks each respondent posed.
- Deficiencies in ongoing monitoring
The FCA found that GIB failed to undertake periodic reviews of the information it held in relation to respondents in accordance either with the MLR 2007 or its own policies, routinely failed to obtain the evidence necessary to scrutinise transactions appropriately using a risk-based approach and did not provide guidance to staff on how it expected them to perform transaction monitoring.
In one instance, GIB failed to undertake any ongoing monitoring of a respondent from the start of the Relevant Period until March 2015 when it identified the respondent had ceased to trade 5 years earlier.
The FCA found that these failings resulted in an unacceptable risk that GIB would be used by those seeking to launder money, evade financial sanctions or finance terrorism. GIB’s failures were considered to be particularly egregious given the number of penalties previously imposed by the FCA on firms in connection with AML weaknesses, together with the availability of relevant FCA publications which also highlighted the high-risk nature of correspondent banking. In the FCA’s view, GIB had access to considerable guidance and should therefore have been aware of the importance of implementing and maintaining robust AML systems and controls. In addition, the fact that a voluntary remediation project implemented by GIB during the Relevant Period did not take sufficient steps to implement a periodic review procedure or remediate its respondent customer files was cited as an aggravating factor.
The FCA found GIB’s breach to be “Level 4” seriousness and so the starting point for the penalty was 15% of GIB’s revenue during the 5 year Relevant Period and this was increased by 15% taking into account the aggravating and mitigating factors. The FCA considered that the resulting figure would not serve as a real credible deterrent to GIB or others and, taking into account that, on average, income generated from correspondent banking totalled 14% of GIB’s total revenue, the FCA multiplied the penalty by 2.5. GIB’s settlement discount reduced the financial penalty by 30%.
This decision notice is the latest in a line of enforcement decisions over the last year regarding historic financial crime control failings and, once again, emphasises the importance placed by the FCA on firms having adequate AML and CTF controls. This case in particular acts as a reminder that the FCA expects that firms should be aware that correspondent banking is high risk from a money laundering perspective, especially with regard to relationships with respondents from non-EEA states. Key learnings for firms include that they should: (i) use a risk-based approach to target activities that present the greatest risks, including correspondent banking, to identify suspicious activity and high risk customers; (ii) focus their resources on higher risk relationships and transactions; and (iii) have clear and practical policies and procedures in place, with staff adequately trained on these to perform their duties. This is especially the case given the requirements placed on firms by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which include stricter obligations regarding client due diligence than those previously imposed under the MLR 2007.
 Regulations 14(1), 14(3) and 20(1) (now replaced by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017)