The Financial Conduct Authority has fined the German banking giant for inadequate AML controls that, it claims, probably allowed suspicious transactions to leave Russia, thereby placing the UK's financial system at risk.

The regulator says that the bank had inadequate money laundering controls for almost three years and, as a consequence, has levied the largest fine it has imposed on an institution for AML lapses. Deutsche is to augment its compliance-related staff this year.

The fine, of £163,076,224, was for failing to maintain adequate AML controls between 1 January 2012 and 31 December 2015. Not only was this the largest fine the FCA has imposed for such matters, but also greater than any AML fine set by its predecessor, the Financial Services Authority.

The bank failed to oversee the formation of new customer relationships and the booking of global business in the UK properly, according to the FCA. The lender was used by "unidentified customers" to transfer approximately $10 billion, of unknown origin, from Russia to offshore bank accounts in a manner that is "highly suggestive of financial crime", the FCA said.

Mark Steward, the director of enforcement and market oversight at the FCA, wrote to the press: “The size of the fine reflects the seriousness of Deutsche Bank’s failings. We have repeatedly told firms how to comply with our AML requirements and the failings of Deutsche Bank are simply unacceptable. Other firms should take notice of today’s fine and look again at their own AML procedures to ensure they do not face similar action."

The FCA said that it found "significant deficiencies" throughout Deutsche Bank’s AML regime. The FCA specifically found that, during the relevant period, Deutsche Bank’s corporate banking and securities division in the UK performed inadequate customer due diligence; failed to ensure that its front office took responsibility for know your customer obligations; used flawed customer and country risk rating methodologies; had deficient AML policies and procedures; had an inadequate AML IT infrastructure; lacked automated AML systems for detecting suspicious trades; and failed to provide adequate oversight of trades booked in the UK by traders in non-UK jurisdictions.

The failings allowed the front office of Deutsche Bank’s Russia-based subsidiary (DB Moscow) to execute more than 2,400 pairs of trades that mirrored each other (mirror trades) between April 2012 and October 2014, the FCA statement added.

The mirror trades were used by customers of Deutsche Bank and DB Moscow to transfer more than $6 billion from Russia, through Deutsche Bank in the UK, to overseas bank accounts, including in Cyprus, Estonia and Latvia. The orders for both sides of the mirror trades were received by DB Moscow, which executed both sides at the same time, it said.

The customers on the Moscow and London sides of the mirror trades were connected to each other and the volume and value of the securities was the same on both sides. The purpose of the mirror trades was the conversion of roubles into dollars and the covert transfer of those funds out of Russia, which is highly suggestive of financial crime, it continued.

A further $3.8 billion in suspicious “one-sided trades” also occurred. The FCA said it thinks that some, if not all, of an additional 3,400 trades formed one side of mirror trades and were often conducted by the same customers involved in the mirror trading.

Deutsche Bank agreed to settle at an early stage of the FCA’s investigation and therefore qualified for a 30% (stage one) discount.  This discount does not apply to the £9.1 million in commission that Deutsche Bank generated from the suspicious trading, which has been disgorged as part of the overall penalty, meaning that the firm has received no financial benefit from the breach.  

The regulator added that Deutsche Bank was "exceptionally cooperative" with the FCA during this investigation and has committed significant resources to a large scale remediation programme to correct the deficiencies in its AML control framework and customer files.

"The FCA noted in its findings that the bank has committed significant resources to improving its AML controls and recognises the work already undertaken in this area. The FCA also noted that the bank has been exceptionally cooperative in bringing the matter to its attention and throughout its investigation," Deutsche Bank said.

"Under the terms of the settlement agreement with the DFS, Deutsche Bank entered into a Consent Order, and agreed to pay civil monetary penalties of $425 million and to engage an independent monitor for a term of up to two years. The Consent Order acknowledged Deutsche Bank’s cooperation and remediation efforts and noted that the DFS considered those efforts in arriving at the settlement amount," it said, adding that the amounts have been materially reflected in in existing litigation reserves.

"As previously disclosed, Deutsche Bank is co-operating with other regulators and law enforcement authorities, which have their own ongoing investigations into these securities trades," it added.

Deutsche also elaborated on developments in a memorandum sent to staff, and seen by this publication. “Over the past day we reached settlements with the UK Financial Conduct Authority (FCA) and the New York State Department of Financial Services. The settlements conclude the FCA and the DFS’s investigations into the bank’s anti-money laundering control function in our investment banking division, including in relation to certain securities trades that occurred between 2011 and 2015 involving our Moscow, London and New York offices,” the memo, signed by Karl von Rohr, chief administrative officer, said. 

“While we are pleased to have resolved these matters, the FCA and the DFS were critical of our client onboarding and know-your-client (KYC) procedures, AML monitoring and organisational clarity among the businesses and control functions involved in these securities trades. We deeply regret the bank’s role in the issues cited,” it continued. 

"We have taken a number of important actions including a comprehensive review of our client onboarding and KYC procedures, launched in 2015. We continue to upgrade the bank’s AML monitoring and training and have increased headcount in Anti-Financial Crime by almost 30% in 2016 with plans to increase by a further 50% in 2017.

“In addition, as part of our efforts to simplify the bank, we closed our onshore investment banking business in Russia in 2016. We also increased those countries defined as having higher AML risk weightings from approximately 30 to approximately 100. This requires the bank to perform enhanced due diligence when onboarding entities from those countries, it added. 

At the start of January, this publication reported that Deutsche Bank appointed Philippe Vollot as global head of anti-financial crime and group money laundering reporting officer, just days after the previous head, Peter Hazlewood, left the position after just six months. Vollot has been with the bank for more than 13 years and most recently held the position of global chief operating officer for regulation, compliance and anti-financial crime. He has also held various positions within the compliance, anti-money laundering, legal and regional management fields. Aside from his roles within the private sector, Vollot has also worked for the French Financial Markets Authority. In his new role, he reports to Sylvie Matherat, the chief regulatory officer.

John Palmiero of MetricStream, the governance, risk and compliance (GRC) firm, commented: “Even with a 30% early payment discount, the charge of £163 million is the largest financial penalty relating to anti-money laundering control failings ever given by the FCA, highlighting both how serious the case is, and acting as a stark warning to other organisations that misconduct will not be tolerated. By increasing fines, regulators want to demonstrate that passive deterrence is not acceptable – which should be prompting organisations to consider more proactive measures in order to improve GRC.

“Cases like this serve to demonstrate just how difficult it is for large, multi-national organisations to fully track transactions and accountability across borders. This example is specifically about financial trading transactions across UK, European and Russian borders, but GRC done properly provides oversight, not only of a company's own cross-border obligations, but also those of its suppliers where arguably there is even greater risk. By implementing relevant frameworks that help to monitor for misconduct, organisations can maintain integrity and spot criminal activity, whether it is money laundering, fraud or general misconduct, no matter where the location.”