FCA Enforcement: Are your Financial Crime Systems and Controls in order?

Key Takeaways

• The FCA has recently fined JLT Specialty Limited and Ghana International Bank for limitations in their financial crime systems and controls, specifically weaknesses relating to anti-money laundering (AML) and anti-bribery and corruption (ABC) controls.
• The Ghana International Bank case highlights that the FCA will enforce weaknesses in financial crime systems and controls even where no underlying criminal offence (e.g. money laundering) is identified. With forthcoming amendments to the Money Laundering Regulations 2017 due to enter into force in September 2022, firms should be particularly alive to the impact of pending changes in the money laundering regulatory space.
• Firms must be proactive to ensure that their financial crime systems and controls are monitored and updated on an ongoing basis, taking account of issues identified internally in addition to relevant external factors.

Introduction

In recent weeks, the Financial Conduct Authority (FCA) has fined two companies for weaknesses in their financial crime systems and controls:

• On 16 June 2022, the FCA fined JLT Specialty Limited (JLTSL), an insurance broker, £7.8 million for financial crime control failings, particularly in relation to anti-bribery and corruption (ABC), which at one point allowed bribery of over US$3 million to occur.
• On 23 June 2022, the FCA fined Ghana International Bank (GIB) £5.8 million for breaches of the Money Laundering Regulations 2007, involving poor anti-money laundering (AML) and counter-terrorist financing (CTF) controls over its correspondent banking activities.

• JLTSL, a UK based company (part of the JLT Group), placed business in the London reinsurance market for another JLT Group entity, JLT Re Colombia (JLT Colombia).
• Between November 2013 and June 2017, JLTSL paid over US$12 million in commission to JLT Colombia. JLT Colombia in turn paid US$10.8 million of this commission to a third-party introducer.
• The third-party introducer subsequently paid over US$3 million to government officials at a state-owned insurer in order to help retain and secure business for JLTSL and JLT Colombia. JLTSL was not aware of the bribery scheme until the individuals involved were prosecuted in the US in 2018.
• Also of note was the fact that JLTSL employees were involved in significant hospitality expenditure for the benefit of government officials and members of their families, as well as the third-party introducer. The expenditure related to events including the Wimbledon Championships and the Monaco Grand Prix and totalled US$200,000 over the course of a 10-month period, the vast majority of which was not formally approved in line with the JLTSL’s gifts and hospitality policies and procedures. In one instance, JLTSL and JLT Colombia employees entertained a public official and his wife, among others, at the Wimbledon Men’s Semi-Final and Final events, with the hospitality costing £67,200 and including food and drink, Centre Court tickets, and a meet and greet with a former Wimbledon champion. The third-party introducer was asked to pay for the entertainment but then subsequently reimbursed through an increased commission fee from JLTSL. The expense was not declared for approval as was required by JLTSL’s Gifts and Entertainment policy and the JLTSL employee in question was able to circumvent the policy by reimbursing the cost through the increased commission payment. In this case, the hospitality in question was particularly lavish, but reasonable and proportionate hospitality to events such as Wimbledon or Formula One which are internally approved and consistent with market practice are unlikely to raise bribery concerns.³

There were several interesting features of this case:

1. JLTSL was a recidivist company, having previously been fined by the FCA in December 2013 for similar ABC control failures (namely failure to address risks of bribery and corruption associated with making payments to third-parties).⁴ While JLTSL had improved its systems and controls following the 2013 decision, in the present case JLTSL’s failure allowed another group entity to engage in bribery since its improved systems and controls had not catered for the need for additional safeguards or approvals with regard to third party introducers engaged by another JLT group entity where such introduced business was subsequently placed by JLTSL in the London market.⁵ This highlights the need for firms to ensure that their group-wide financial crime compliance controls are suitably robust and effective. In this case, the risks were heightened for JLT group entities based in countries with a perceived higher level of bribery and corruption. Firms should ensure that they have put in place proportionate procedures tailored to the particular risk profile of their business, paying particular attention to the risks around third-party relationships which are an ever-present feature of bribery cases.
2. In determining the penalty, the FCA acknowledged JLT Group’s disgorgement of c. US$29 million to the US Department of Justice, which covered the financial benefit arising directly from JLTSL’s breach of Principle 3.⁶ Whilst the FCA considered JLTSL’s self-report, cooperation with its investigation (including providing the FCA with access to its internal investigation materials)⁷ and the remedial steps taken after the identification of the breach to be mitigating factors in determining the penalty, the fact that JLTSL was a reoffending company (in circumstances where the FCA has issued considerable guidance to firms in relation to financial crime risk) was an aggravating factor.⁸ Furthermore, the penalty was adjusted upwards for deterrence given the Authority’s view that “There have been a series of enforcement outcomes against commercial insurance brokers for failings in their anti-bribery and corruption systems and controls and these have not had a sufficient deterrent effect.”

Mark Steward, Executive Director of Enforcement and Market Oversight, commented that JLTSL’s “lax controls” facilitated the corruption, and confirmed that the FCA is “maintaining [its] focus on financial businesses’ financial crime systems, taking action where these firms fall short”.

• GIB provided correspondent banking services to overseas banks. Correspondent banking is regarded as a high-risk area for money laundering and terrorist financing and firms are required to undertake enhanced checks if they conduct business in this area.
• Between January 2012 and December 2016, GIB did not conduct adequate additional checks when it established relationships with overseas banks. For example, GIB failed to demonstrate it had assessed the respondent banks’ (i.e. the banks for which GIB provided correspondent services) controls, failed to conduct annual reviews or adequate training, and did not establish proper policies and procedures.
• During the relevant period, the value of funds flowing between GIB and its respondent banking customers¹¹ totalled £9.5 billion.
  

This decision highlights that:

1. In this case the FCA took action for control weaknesses, including a failure to properly identify risks and scrutinise transactions, in circumstances where no actual money laundering was detected. As such, firms should be monitoring and improving their systems and controls on an ongoing basis to ensure compliance. Of particular note was the fact that, in this case, GIB’s internal audit team identified issues with GIB’s control framework, including around KYC, which were not properly remediated.
2. Firms must create and tailor policies and procedures to high-risk areas for money laundering. The FCA criticised GIB’s “fragmented, confusing and overlapping policies” and the fact that it did not recognise correspondent banking as a separate business line or product area. GIB did not have clear procedures for undertaking required EDD steps, failed to obtain adequate identification information and failed to obtain senior management approval in a number of instances.
3. Firms must keep on top of the latest guidance and developments in money laundering regulation. The FCA considered GIB’s failings to be particularly serious because before and throughout the relevant period the FCA issued publications and disciplinary notices that highlighted the high-risk nature of correspondent banking.¹² The FCA also referenced the fact that other international and domestic organisations issued communications regarding jurisdictions with a high risk of money laundering, including a period during which Ghana was subject to a Financial Action Task Force (FATF) public statement.

Updates to Money Laundering Regulations

On 15 June 2022, the government published its final response to the consultation process on changes to the Money Laundering Regulations 2017 (MLRs). The government has decided to implement a number of changes to the MLRs, most of which will come into force on 1 September 2022 (subject to parliamentary approval). Of particular note are the following changes:¹³

• Proliferation financing risk assessment: There will be a new requirement, in line with FATF standards, for financial institutions and certain other businesses to assess and mitigate their proliferation financing (PF) risks (i.e. financing risks with respect to nuclear, chemical or biological weapons). Financial institutions will therefore need to complete their own risk assessments of PF, alongside their current risk assessments for money laundering and terrorist financing.
• Reporting of discrepancies to Companies House: The government has decided to expand the requirement for businesses in scope of the MLRs to report beneficial ownership discrepancies to Companies House to cover an ongoing business relationship (in addition to the existing requirement to report “before establishing a business relationship”). To address concerns that the MLRs provide insufficient clarity, the government has also decided to streamline the requirement so that it is clear only ‘material discrepancies’ need to be reported. The government has also decided to extend the reporting requirement to cover entities on the Register of Overseas Entities (ROE) introduced by the Economic Crime (Transparency and Enforcement) Act 2022,¹⁴ which was introduced to strengthen the UK’s response to sanctions evasion and associated money laundering. While the precise details have not been published, it is understood that this will require companies to report discrepancies in the ROE.
• Access to SARs by AML/CTF Supervisors: The amendments will allow AML/CTF supervisors (including the FCA) to access SARs submitted by supervised firms. Supervisors will be able to consider the content of SARs submitted by supervised populations, provided they are necessary to fulfil supervisory functions.
• Transfer of crypto assets: The government has implemented changes to comply with the expansion of FATF recommendations regarding information sharing requirements for wire transfers to cryptoassets (known as the ‘Travel Rule’). There will be a 12-month grace period to run from the point at which the amendments to the MLRs take effect, during which cryptoasset businesses will be expected to implement solutions to enable compliance with the Travel Rule. This will require cryptoasset businesses to update their systems and controls to ensure they are collecting and transferring the appropriate information on the originators and beneficiaries of cryptoasset transactions.

Conclusion

These recent FCA enforcement actions and forthcoming regulatory changes highlight the importance of firms ensuring that their financial crime systems and controls are in order. To the extent that firms have not done so already, they should be assessing their financial crime risks and putting in place systems and controls to mitigate and monitor those risks across their business.

Dechert has extensive experience of advising firms on financial crime regulatory risks, and how to tailor their systems and controls in a rapidly changing environment. We also regularly advise firms on their interactions with the FCA, conducting internal investigations, and on defence strategy in regulatory enforcement and criminal investigations.

Footnotes

1. Examples include Swiss prosecutors securing the first conviction of a bank for money laundering offences in December 2021, large fines issued by the Dutch authorities for AML control weaknesses, including to ABN AMRO, and enforcement action by the Singapore Securities and Futures Commission for failures to comply with AML/CTF regulatory requirements.
2. A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.
3. Ministry of Justice Bribery Act 2010 Guidance.
4. Final Notice (JLTSL) dated 19 December 2013.
5. Final Notice (JLTSL) dated 16 June 2022, para 2.6.
6. Ibid., para 6.4.
7. Ibid., para 2.25.
8. Ibid., para 6.16.
9. The version of the Money Laundering Regulations in force at the time.
10. Decision Notice (GIB), para 2.1.
11. Net of transfers between customers’ own accounts and fixed deposits.
12. Decision notice (GIB), para 2.4.
13. Amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017: Response to the Consultation (June 2022).
14. See Dechert’s OnPoint on the Economic Crime (Transparency and Enforcement) Act 2022 here.