Sonali Bank fined £3.25 million for AML failings

Chris Hamblin, Editor, London, 13 October 2016

The UK's Financial Conduct Authority has found that the British arm of Bangladesh's biggest bank, Sonali Bank, has bad anti-money-laundering controls at almost every level. It has also fined Steven Smith, the bank’s former money laundering reporting officer, £17,900 and stopped him from performing CF10 and CF11 functions.

Sonali Bank UK has also been banned from taking on new depositors for a period of 168 days after the date of the final notice it received yesterday. It received the usual 30% discount that the FCA awards to firms that capitulate to its demands as soon as an investigation begins.

The final notice uses the word 'culture' eight times, including once when the FCA expresses its wish to see a 'culture of compliance' at every firm and once when it decries Sonali's 'culture of minimal, or non-compliance.'

When banks compromise regulatory principles

Sonali is accused of going against the regulator's Principle 3, which exhorts all firms to take reasonable care to organise and control their affairs responsibly and effectively, with adequate risk management systems. It is also accused of failing to be straight with the regulator, in contravention of Principle 11. The first transgression was uncovered when the bank had the bad luck to be included in a thematic review in 2010 which unearthed a woeful shortfall in its AML controls. Subsequently, while under investigation for that, the bank breached Principle 11 by failing to notify the FCA for at least seven weeks in 2015 that it had become aware of a potentially significant fraud within its walls.

In March 2015, one of Sonali's customers told it that a significant sum of money was missing from his account. Although it knew that fraud might have taken place, it failed to notify the FCA until May. The FCA states that it expects any firm with a problem such as this one to tell it straight away, although the final notice does not point to any rule that might give rise to such an expectation.

The bank has made a strategic decision to streamline its retail banking operations by closing all but two of its branches by the end of this year; at one point it operated six.

Remediation in doubt

After the visit of 2010 Sonali Bank drew up a remediation plan, but it did not stick to it during the following years. A second, follow-up visit in 2014 revealed fuzzy reporting lines between head office and the branches, with no 'culture of compliance' and not enough resources for the money-laundering reporting officer (MLRO) and his office.

Other FCA objections

The FCA also found fault with the vagueness of the bank's AML policy and procedure documents; its failure to respond to some unspecified warnings about its AML systems from the auditors and some board members; and the fact that the fraud-related trouble occurred while the bank was already under investigation for bad AML controls.

CDD and EDD

The visit of 2014 uncovered numerous problems with the bank's willingness to perform the correct checks on customers ('customer due diligence' or CDD, a term invented by the Basel Committee for Banking Supervision as an alternative to 'KYC' or 'know your customer') and, where appropriate, to look for more detail ('extra/enhanced due diligence' or EDD, a term invented by the US Treasury). For example, having identified one customer as a 'politically exposed person' or PEP with an income of £20,000 per annum, Sonali failed to question whether the significant cash and cheque deposits he was making were commensurate with his income. In another case, the bank failed to identify publicly available information in respect of one of its customers which should have gone into his AML risk assessment.

Immediately after the visit of 2014, the FCA asked the bank to lower the remittance threshold for obtaining 'source of funds' information, screen its customers to identify PEPs, conduct EDD on all PEPs and 'highly risky' customers and set up visits to its branches to assess their AML systems. This implies that it had not begun to do these things yet.

Next, someone (the final notice does not say whether this was the firm at the regulator's request, or the regulator itself) appointed a 'skilled person' (a company or, in view of the bank's small size, perhaps an individual such as an auditor) to monitor the situation. He (or it) produced a gloomy report in June 2014 and the FCA deployed investigators in September.

Board problems

At this time, the FCA decided that the board of Sonali UK was at fault. In its final notice it complains about the board's refusal to grant the MLRO adequate resources; its failure to avail itself of enough regulatory expertise, ignoring some advice from its non-executive directors who had some; its lack of interest in the progress of the remediation plan, which allowed it to pass largely unenforced; and its failure to keep track of (or discover) the 'risks' (a stand-alone word that the FCA does not explain, although it does say that no 'conduct risk appetite' had been gauged in 2013) that the bank was running. The board did receive monthly financial crime reports but, in the FCA's bizarre phrase, it failed to 'raise challenge' to their conclusions adequately.

SMT problems

The senior management team was also at fault, especially for never coming up with a coherent strategy for offsetting 'money-laundering risk,' a phrase that the Joint Money-Laundering Steering Group's guidelines describe as the risk that a firm will be used to launder money. The financial crime reports it received were woefully lacking in detail. Despite warnings from the internal auditors about the veracity of the bank's AML controls, the SMT reduced the number of days they were allowed to spend on matters involving regulation and governance from 18 to 8 between 2011 and 2013.

The MLRO

In August 2013, the internal auditors noted that only 17 reviews of trade finance files had been carried out, rather than the 75 called for by SBUK’s procedures. This was because the money-laundering reporting office was short staffed and the MLRO himself also had to act as compliance officer and undertake company secretarial work. Management responses to his requests for software were partial and tardy.

Despite the fact that he was an overworked MLRO, the FCA has also found fault with Steven Smith. His final notice says that despite suffering from overwork and from a shortage of resources, he failed to impress upon senior management the need for further resources even when these were adversely affecting the monitoring work carried out by the MLRO department. It goes on: "When he was given permission to recruit further resource, Mr Smith failed to take adequate steps to ensure that further resource was recruited in a timely fashion."

The FCA's order against Smith prohibits him from performing any SMF16 (compliance oversight) and SMF17 (money laundering reporting) senior management functions and any CF10 (compliance oversight) and CF11 (money laundering reporting) controlled functions in relation to any regulated activities carried on by any authorised or exempt persons, or exempt professional firm.

The regulator considers that Smith contravened Principle 6 (exercising due skill, care and diligence in managing the business of the firm for which he is responsible) and was knowingly concerned in SBUK’s breach of Principle 3 (taking reasonable steps to organise its affairs responsibly and effectively, with adequate risk management systems). With this verdict, the British MLRO continues to inhabit an uncomfortable space between a rock and a hard place.
