Final Notice

On , the Financial Conduct Authority issued a Final Notice to Bank of Beirut (UK) Ltd

FINAL NOTICE

To:

Bank of Beirut (UK) Ltd

Firm
Reference
Number:
219523

Address:
17a Curzon Street
London
UNITED KINGDOM
W1J 5HS



4 March 2015


1.
ACTION

1.1.
For the reasons given in this notice, the Authority hereby:

(1)
imposes on Bank of Beirut (UK) Ltd (“Bank of Beirut”) a financial penalty of

£2,100,000; and

(2)
imposes on Bank of Beirut a restriction: for a period of 126 days from the

date this Final Notice is issued, in respect of its regulated activities only,

that Bank of Beirut may not acquire new customers that are resident or

incorporated in high risk jurisdictions.

1.2.
Bank of Beirut agreed to settle at an early stage of the Authority’s investigation.

Bank of Beirut therefore qualified for a 30% (stage 1) discount under the

Authority’s executive settlement procedures. Were it not for this discount, the

Authority would have imposed on Bank of Beirut:

(1)
a financial penalty of £3,000,000; and

(2)
a restriction of 180 days.

2.
SUMMARY OF REASONS

2.1.
Financial services firms are at risk of being abused by those seeking to launder

the proceeds of crime or to finance terrorism. This undermines the integrity of the

UK financial services sector. Firms are obliged to take appropriate and

proportionate steps to manage such risks effectively in order to reduce the risk of

financial crime. The Authority has the operational objective of protecting and

enhancing the integrity of the UK financial system (the Integrity Objective). The

integrity of the UK financial system is endangered by failures which risk the

system being used for a purpose connected with financial crime.

2.2.
Following visits to Bank of Beirut in 2010 and 2011, the Authority became

concerned that the culture at Bank of Beirut was one of insufficient consideration

of risk or regulation despite the high risk that its business might be exploited to

facilitate financial crime. The Authority required Bank of Beirut to implement a

number of action points to address its concerns. The action points together

formed a Remediation Plan and are referred to in this notice as the “Remediation

Plan action points”. In addition the Authority required Bank of Beirut to

remediate all of its customer files, after the Authority’s own file review identified

serious deficiencies in Bank of Beirut’s implementation of anti-money laundering

(“AML”) and financial crime procedures.

2.3.
The Authority worked closely with Bank of Beirut to resolve its concerns. Between

1 June 2011 and 20 March 2013 (the “Relevant Period”), Bank of Beirut did not

complete a full remediation exercise of all its customer files within the agreed

timeframe and repeatedly sought to assure the Authority that it had addressed all

of the Authority’s concerns even though this was not the case. Bank of Beirut

failed to deal with the Authority in an open and cooperative way and disclose to

the Authority information of which it would reasonably expect notice. This

amounts to a breach of Principle 11. Specifically:

Remediation Plan action points

(1)
Bank of Beirut failed to implement three out of the nine Remediation Plan

action points as directed by the Authority and repeatedly provided

inaccurate information to the Authority suggesting that it had completed

Remediation Plan action points when it had not. As part of the Remediation

Plan, the Authority required Bank of Beirut (among other things) to:

(a)
resolve all outstanding internal audit issues by 1 June 2011, in

order to improve the effectiveness of the internal audit function;

(b)
“develop,
implement
and
conduct
an
adequate
compliance

monitoring program” by 1 September 2011 to help ensure that

Bank of Beirut complied with regulatory obligations and to counter

the risk that the firm might be used to further financial crime; and

(c)
review the implementation of all the Remediation Plan action points

by 1 June 2012 to provide assurance that the improvements had

been embedded in its processes.

(2)
Bank of Beirut failed to meet these deadlines and failed to assure the

Authority that all Remediation Plan action points had been implemented by

1 June 2012.

(3)
After receiving a reminder from the Authority that a response was overdue

Bank of Beirut provided an assurance on 26 June 2012 that it had

implemented the Remediation Plan action points even though it:

(a)
had not conducted a review of the implementation of the

Remediation Plan action points;

(b)
had still not resolved all outstanding internal audit issues (these

were not resolved before the end of 2012); and

(c)
had not yet fully implemented or conducted an adequate

compliance monitoring plan (it had failed to evidence that an

adequate compliance monitoring plan was fully implemented during

the Relevant Period).

(4)
The Authority requested evidence to support Bank of Beirut’s assurance

that the Remediation Plan action points had been implemented. Bank of

Beirut provided the Authority with two reports in July and August 2012

which again sought to assure the Authority that Remediation Plan action

points had been implemented even though this was not the case. The

Authority requested a completion report to evidence that the compliance

monitoring plan had been implemented and conducted by 30 November

2012. Again, on 30 November 2012, Bank of Beirut provided the Authority

with inaccurate assurances about the status of the compliance monitoring

plan.

(5)
In addition Bank of Beirut breached Principle 11 because it failed to

disclose to the Authority that it had not completed remediation of all its

customer files to correct deficiencies in the implementation of AML and

financial crime procedures (in respect of both its regulated and

unregulated business). The Authority only became aware of this in March

2013, nearly two years after it had required Bank of Beirut to remediate

its files.

2.4.
Following the Authority’s visit in March 2013, Bank of Beirut engaged an external

consultant and appointed a dedicated team to undertake and finalise the

remediation exercise. In May 2013, whilst the remediation exercise was ongoing,

in order to address the Authority’s continued concern in relation to financial crime

risks, Bank of Beirut undertook, at the Authority’s request, not to enter into any

new customer account relationships with entities that were resident or

incorporated in high risk jurisdictions until the entire customer base was

remediated and compliance with regulatory standards was restored. Bank of

Beirut completed this remediation process in October 2013 following which the

Authority discharged the undertaking.

2.5.
The Authority expects firms to demonstrate a culture that supports effective

regulation and expects senior management to lead from the top in this regard.

The Authority’s approach to supervision may involve a visit to the firm and

discussion of failures to meet regulatory standards. Where such failures are

identified, frequently an action plan is agreed with the firm in order to agree

corrective action. This approach is reliant upon firms taking on responsibility for

completing actions within a specified timeline to mitigate or resolve risks, and the

Authority must be able to rely upon leadership within the firm in this respect.

Similarly, the Authority relies on confirmation received from a firm that the

actions have been completed and the risks mitigated or resolved.

2.6.
Senior management failed to ensure that the actions required by the Authority

were implemented, even when deadlines were extended. Bank of Beirut then

repeatedly provided inaccurate information to the Authority that suggested it had

completed actions, when it had not. In doing so, Bank of Beirut failed to

demonstrate the culture and level of cooperation expected by the Authority.

2.7.
Bank of Beirut’s failures are particularly serious because they left the firm open to

the risk that it might be used to further financial crime.

2.8.
The Authority therefore imposes on Bank of Beirut:

(1)
pursuant to section 206 of the Act, a financial penalty in the amount of

£2,100,000; and

(2)
pursuant to section 206A of the Act, a restriction for a period of 126 days,

in respect of its regulated activities only, that Bank of Beirut may not

acquire new customers that are resident or incorporated in high risk

jurisdictions. For the purposes of this restriction only, high risk

jurisdictions are defined as countries which have a score of 60 or below in

Transparency International’s Corruption Perceptions Index.

2.9.
The effect of the restriction is that Bank of Beirut will not be allowed to enter into

any new customer relationship with entities resident or incorporated in certain

countries for that period.

2.10. The Authority believes that imposing a restriction, in addition to a financial

penalty, will be a more effective and persuasive deterrent than a financial penalty

alone. The imposition of a restriction is appropriate because it will demonstrate to

firms with customers that are higher risk from a financial crime perspective that

where a firm fails to address AML systems and controls failings and is not open

and cooperative with the Authority with regard to rectifying those failings, the

Authority will take disciplinary action to suspend and/or restrict the firm’s

regulated activities.

2.11. On 13 October 2013, Bank of Beirut’s senior management attested to the fact

that the Bank had completed the steps required of it by the Authority to address

the identified AML systems and controls failings and has since increased resources

in its compliance and risk teams.

3.
DEFINITIONS

3.1.
The definitions below are used in this Final Notice.

“2007 Regulations” means the Money Laundering Regulations 2007, which came

into force on 15 December 2007.

“ABC” means anti-bribery and corruption.

“The Act” means the Financial Services and Markets Act 2000

“AML” means anti-money laundering.

“ARROW” means the Advanced Risk Responsive Operative Framework.

“The Authority” means the body corporate previously known as the Financial

Services Authority and renamed on 1 April 2013 as the Financial Conduct

Authority.

“Bank of Beirut” means Bank of Beirut (UK) Ltd.

“FSF” means Firm Systematic Framework

“PEP” means politically exposed person.

“Remediation Plan” means the risk mitigation programme the Authority provided

to the Bank of Beirut on 8 March 2011.

“Remediation Plan action points” means the specific actions set out in the

Remediation Plan that the Authority required Bank of Beirut to take.

“Skilled Person’s Report” means the report dated 10 February 2012 of the Skilled

Person whom the Authority required Bank of Beirut to appoint pursuant to s166 of

the Act.

4.
FACTS AND MATTERS

4.1.
Bank of Beirut is a UK subsidiary of Bank of Beirut S.A.L., which is incorporated in

Lebanon. Its principal activities are the provision of trade finance, correspondent

banking and commercial and retail banking services. Bank of Beirut has less than

1,000 customers, who are predominantly from countries that are regarded as

being higher risk from a financial crime perspective. As at 31 December 2011,

Bank of Beirut’s total assets were £321 million.

The Remediation Programme

4.2.
In December 2010, the Authority conducted a risk assessment at Bank of Beirut

(then known as an ARROW assessment, and now referred to as the FSF). The

ARROW process was fundamental to the Authority’s risk-based approach to

regulation. The Authority used the ARROW process to assess the particular risk a

firm might pose against its statutory objectives and the probability of that risk

materialising. The risk that a firm might pose to the Authority’s statutory

objectives is now assessed as part of the FSF.

4.3.
On 8 March 2011, the Authority wrote to Bank of Beirut, setting out its findings

from the ARROW assessment, and attaching the Remediation Plan. The Authority

observed that the culture of Bank of Beirut was one of insufficient consideration

of risk and regulatory requirements with insufficient focus on governance and

controls.

4.4.
The Authority had particular concerns around the effectiveness of the internal

audit function, which was hampered by a failure to resolve outstanding audit

issues. The Authority emphasised its reliance on the internal audit function in

supporting a culture of effective controls and governance at small sized firms that

are not subject to frequent supervision by the Authority.

4.5.
The Authority was also concerned about the Bank’s lack of a compliance

monitoring plan, designed to help ensure the Firm’s compliance with its

regulatory obligations and to counter the risk that the Firm might be exploited to

facilitate financial crime.

4.6.
In the Remediation Plan, among six other action points, the Authority set out

three action points that it expected Bank of Beirut to complete to address these

concerns:

(1)
By 1 June 2011, to resolve all outstanding internal audit issues and to

report to the Authority regarding what actions were taken and to ensure

the setting of deadlines for the resolution of all audit issues.

(2)
By 1 September 2011, to “develop, implement and conduct an adequate

compliance monitoring program” and to evidence this with a completion

report to the Authority.

(3)
By 1 June 2012, to review the implementation of all the other Remediation

Plan action points in order to provide assurance they were embedded in

the Firm’s processes.

Financial crime visit 2011

4.7.
Firms are required by the 2007 Regulations and the Authority’s Handbook to

implement and maintain systems and controls to prevent and detect money

laundering. Further to the 2007 Regulations, a firm must be able to demonstrate

to its supervisory authority that the extent of the due diligence and ongoing

monitoring measures it applies are appropriate in view of the risks of money

laundering and terrorist financing it may face.

4.8.
In April and May 2011, the Authority visited Bank of Beirut to assess its AML and

ABC systems and controls. During the visit, the Authority reviewed 15 client files,

including eight correspondent banking (an unregulated activity) and four PEP

files, which are areas classified as high risk by the 2007 Regulations. The file

review highlighted deficiencies in Bank of Beirut’s customer due diligence and

monitoring processes.

4.9.
Bank of Beirut did not carry out and document adequate customer due diligence,

nor did it carry out enhanced due diligence when establishing relationships with

higher risk customers. Bank of Beirut did not conduct the appropriate level of on-

going monitoring on its existing higher risk customers. In accordance with the

2007 Regulations, a firm must conduct ongoing monitoring of all business

relationships. Where the customer is considered to be higher risk, that monitoring

must be enhanced.

4.10. The Authority found that Bank of Beirut had failed to do one or more of the

following in each of the 15 files reviewed:

(1)
carry out and/or document an adequate risk assessment of the potential

money laundering risks posed by higher risk customers;

(2)
obtain and/or document senior management approval to establish a

business relationship with PEPs;

(3)
investigate allegations of corruption and Safewatch hits (software that

screens persons and transactions against watch lists);

(4)
establish and verify with adequate evidence the source and wealth of funds

of higher risk customers;

(5)
obtain sufficient identity and verification documentation; and

(6)
conduct ongoing reviews of higher risk customer files periodically to ensure

the information and risk assessment was up to date and that the activity

on accounts was consistent with expected activity.

4.11. The Authority also found that there was no financial crime compliance monitoring

and recommended that a compliance monitoring plan was put in place as a

priority.

4.12. Bank of Beirut confirmed that it would address the issues identified with its AML

and ABC systems and controls, including that it would:

(1)
review and remediate the 15 files reviewed by 30 August 2011; and

(2)
develop a compliance monitoring plan, including specific monitoring around

financial crime.

Appointment of a Skilled Person

4.13. Subsequently, the Authority required that Bank of Beirut appoint a Skilled Person

to review its AML and ABC systems and controls to confirm whether the issues

the Authority identified had been addressed. The Skilled Person reported in

February 2012 that Bank of Beirut had made some improvements to its AML and

ABC systems but set out a series of recommendations in relation to areas that

were still of concern. In particular, the Skilled Person recommended that further

development of an adequate compliance monitoring plan was required.

4.14. At the time of the Skilled Person’s assessment, Bank of Beirut was still reviewing

and remediating its client files. The Skilled Person noted that there were still

deficiencies in due diligence in respect of the files it reviewed that were currently

under remediation.

4.15. Bank of Beirut agreed to implement the Skilled Person’s recommendations. The

Authority required Bank of Beirut to submit a report on the implementation of the

Skilled Person’s recommendations on 31 July 2012.

Failure to implement Remediation Plan action points by deadlines

4.16. By the deadline of 1 June 2012, the Authority had not received any confirmation

from Bank of Beirut that it had reviewed the implementation of all the

Remediation Plan action points and that the improvements had been embedded in

the Firm’s processes.

4.17. As at 1 June 2012, Bank of Beirut had failed to complete three Remediation Plan

action points, because:

(1)
No review had been conducted of the implementation of the Remediation

Plan action points;

(2)
Not all outstanding internal audit reports had been resolved. Indeed, Bank

of Beirut failed to resolve these issues before the end of 2012; and

(3)
An adequate compliance monitoring plan had not been fully developed,

implemented and conducted. Bank of Beirut had still failed to complete this

action at the time it provided a completion report to the Authority on 30

November 2012. The compliance monitoring plan in place at this time was

inadequate for Bank of Beirut’s business. In any event, Bank of Beirut had

not yet conducted a full cycle of its compliance monitoring plan.

Inaccurate communications to the Authority

26 June 2012 email

4.18. On 12 June 2012, the Authority sent an email to Bank of Beirut chasing them for

a response to the overdue Remediation Plan action point requiring them to review

the implementation of the Remediation Plan action points by 1 June 2012.

4.19. On 26 June 2012, Bank of Beirut sent an email to the Authority confirming that:

“…the Remediation Plan action points have been implemented and are embedded

in the Bank’s policies and procedures.” This statement was inaccurate because it

suggested that Bank of Beirut had reviewed the implementation of the

Remediation Plan action points and that all action points had been implemented.

In fact, this review had not been conducted and not all action points had been

implemented.

4 July 2012 letter

4.20. On 28 June 2012, the Authority sent an email to Bank of Beirut asking for

underlying documentation to evidence the completion of the Remediation Plan

action points.

4.21. On 4 July 2012, Bank of Beirut disclosed to the Authority that no review of the

implementation of the Remediation Plan action points had been conducted.

However, in a letter of the same date, Bank of Beirut again suggested that all

Remediation Plan action points had been implemented, when this was not

correct: “… the specific action points outlined within the Remediation Plan have all

been incorporated within our systems and controls.”

30 July 2012 report on implementation of the recommendations in the Skilled

4.22. The Authority required Bank of Beirut to review the implementation of the Skilled

Person’s recommendations and produce a report for submission by 31 July 2012.

4.23. The report from Bank of Beirut stated, amongst other things: “…a more

sophisticated Compliance Monitoring program including criteria, methodology and

risk assessment has been established and this enhanced program will be

implemented by the Compliance department from July.”

4.24. The report was submitted to the Authority on 30 July 2012 and therefore gave

the impression that this compliance monitoring plan had already begun to be

implemented or would start to be implemented imminently. In fact, at the time of

submission, implementation of the more sophisticated compliance monitoring

programme had not begun and was not imminent.

3 August 2012 report on the implementation of the Remediation Plan action

points

4.25. Following the failure of Bank of Beirut to review the implementation of the

Remediation Plan action points by the original deadline of 1 June 2012, the

Authority’s requirement to complete this action remained outstanding.

4.26. Bank of Beirut provided a report to the Authority on 3 August 2012. In that

report, Bank of Beirut confirmed that “…the specific Remediation Plan action

points have been fully implemented and are embedded within the Bank’s systems

and controls and have become a matter of course for the firm.”

4.27. In respect of the action point to resolve all outstanding internal audit issues, the

report stated that the issues were currently being investigated by internal audit

and it was expected those issues would be closed during 2012.

4.28. In respect of the action point “to develop, implement, and conduct an adequate

compliance monitoring program”, the report stated that the compliance

monitoring plan had been further developed and assessed. The report did not

state that the compliance monitoring plan had not been fully implemented.

4.29. The overall assurance that the Remediation Plan action points had been fully

implemented was incorrect, as the action points in relation to outstanding internal

audit issues and the compliance monitoring plan were still not complete.

30 November 2012 report

4.30. By an email dated 16 August 2012, the Authority told Bank of Beirut that it did

not consider that the Remediation Plan action points had been completed. It

requested a completion report to evidence that the compliance monitoring plan

had been implemented and conducted, as required by the Remediation Plan.

4.31. Having obtained an extension of time from 1 September 2011, Bank of Beirut

submitted the report to the Authority on 30 November 2012. The report

confirmed that “…the specific [Remediation Plan] point in respect of the

compliance monitoring program has been fully implemented.”

4.32. However, the report referred to the work being conducted under the compliance

monitoring plan as “ongoing”. In addition, in a previous version of the report that

was not provided to the Authority, the report stated: “The Compliance

department has not fully completed all of the Compliance Monitoring Program

tests and in some instances monitoring has not been conducted in accordance

with the prescribed frequency.” This statement was omitted from the final report

following drafting suggestions made by a senior manager at Bank of Beirut to the

author: “…to highlight any shortcomings within the work carried out, rather than

highlight areas not yet covered which is sure to lead to the [Authority] providing

yet another deadline date and report to complete.”

4.33. Therefore, the overall assurance provided by the report that the action point “to

develop, implement and conduct an adequate compliance monitoring plan” had

been completed was inaccurate as the action point still had not been completed

when Bank of Beirut submitted this completion report.

Failure to disclose that the Bank had not remediated customer files

4.34. Following the identification of failings in AML and financial crime processes from a

file review conducted in 2011, the Authority required that Bank of Beirut

remediate all of its customer files.

4.35. When the Authority carried out a further file review at Bank of Beirut in March

2013 (nearly two years later), it discovered that Bank of Beirut had still failed to

remediate all of the 15 files that the Authority had reviewed in May 2011. Bank

of Beirut had told the Authority that this would be completed by 30 August 2011.

Furthermore, the Authority found that files that had apparently been remediated

by Bank of Beirut still failed to comply with regulatory standards.

4.36. Bank of Beirut had not informed the Authority that it had failed to remediate its

customer files as required by the Authority within the agreed timeframes. Of the

twelve files reviewed in 2013, the Authority found that eight failed to meet

regulatory standards. Six of these files were part of the file sample originally

reviewed by the Authority in 2011; of these, four failed, one was borderline and

one passed.

4.37. Following the Authority’s visit in March 2013, Bank of Beirut engaged an external

consultant and appointed a dedicated team to undertake and finalise the

remediation exercise. As a result of the Authority’s continued concerns in relation

to financial crime risks, the Authority requested and the Bank of Beirut undertook

not to enter into any new customer account relationships with entities that were

resident or incorporated in high risk jurisdictions until the files for the entire

customer base had been remediated and were in compliance with regulatory

standards. Bank of Beirut completed the remediation process in October 2013

following which the Authority discharged the undertaking.

5.
FAILINGS

5.1.
The regulatory provisions relevant to this Final Notice are referred to in Annex A.

5.1.
Principle 11 requires a firm to deal with its regulators in an open and cooperative

way and to disclose to the Authority appropriately anything relating to the firm of

which the Authority would reasonably expect notice.

5.2.
Bank of Beirut breached Principle 11 because it failed to deal with the Authority in

an open and cooperative way and to disclose to the Authority information of

which it would reasonably expect notice, because:

(1)
Bank of Beirut failed to implement three Remediation Plan action points as

directed by the Authority (including the requirements: (i) to resolve all

outstanding internal audit issues; (ii) to develop, implement and conduct

an adequate compliance monitoring plan; and (iii) to review the

implementation of the Remediation Plan action points within the Firm’s

processes). The Bank then repeatedly provided inaccurate information to

the Authority about the status of these Remediation Plan action points,

including:

(a)
In response to the Authority requesting Bank of Beirut to respond to

the overdue Remediation Plan action “to review the implementation

of the Remediation Plan action points”, Bank of Beirut, sent an

email on 26 June 2012 confirming that the Remediation Plan action

points had been implemented, when no review had been

undertaken and not all Remediation Plan action points were

implemented;

(b)
In a letter dated 4 July 2012, Bank of Beirut again confirmed that

all the Remediation Plan action points had been implemented, when

this was not correct;

(c)
In a report dated 30 July 2012, Bank of Beirut stated that the

compliance monitoring plan would be implemented from July, when

this was not correct;

(d)
Bank of Beirut provided assurance to the Authority that the

Remediation Plan action points had been implemented into its

procedures, in a report dated 3 August 2012, when three

Remediation Plan action points remained outstanding; and

(e)
Bank of Beirut provided assurance to the Authority, in a report

dated 30 November 2012, that the action point to “develop,

implement and conduct an adequate compliance monitoring plan”

was complete, when the action point was not complete.

(2)
Bank of Beirut also breached Principle 11 because it failed to disclose to

the Authority that it had not remediated its customer files to correct

deficiencies in the implementation of AML and financial crime procedures

within agreed timeframes.

6.
SANCTION

Introduction

6.1.
The Authority imposes a total financial penalty of £2,100,000 on Bank of Beirut

for breaching Principle 11.

6.2.
In addition to imposing a financial penalty, the Authority also imposes a

restriction on Bank of Beirut. The Authority believes that imposing a restriction,

in addition to a financial penalty, will be a more effective and persuasive

deterrent than a financial penalty alone.

6.3.
Accordingly the Authority, in addition to the financial penalty, also imposes a

restriction on Bank of Beirut that for a period of 126 days, in respect of its

regulated activities only, Bank of Beirut may not acquire new customers that are

resident or incorporated in high risk jurisdictions. For the purposes of the

restriction only, high risk jurisdictions are defined as countries which have a score

of 60 or below in Transparency International’s Corruption Perceptions Index.

Financial penalty

6.4.
The Authority’s policy on the imposition of financial penalties is set out in Chapter

6 of DEPP which forms part of the FCA Handbook. Since the misconduct occurred

after the introduction of the Authority’s penalty regime on 6 March 2010, the

Authority has applied the five-step framework in DEPP 6.5A to determine the

appropriate level of financial penalty.

Step 1: disgorgement

6.5.
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the

financial benefit derived directly from the breach where it is practicable to

quantify this.

6.6.
The Authority has not identified any financial benefit that Bank of Beirut derived

directly from its breach.

6.7.
Step 1 is therefore £0.

Step 2: the seriousness of the breach

6.8.
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that

reflects the seriousness of the breach. Where the amount of revenue generated

by a firm from a particular product line or business area is indicative of the harm

or potential harm that its breach may cause, that figure will be based on a

percentage of the firm’s revenue from the relevant products or business area.

6.9.
The Authority considers that the revenue generated by Bank of Beirut is not an

appropriate indicator of the harm or potential harm caused by its breach. The

breach relates to failures to be open and cooperative with the Authority and to

disclose information of which it would reasonably expect notice, which are not

related to revenue. The Authority has not identified an alternative indicator of

harm or potential harm appropriate to the breach and so, pursuant to DEPP

6.5A.2G(13), has determined the appropriate Step 2 amount by taking into

account those factors which are relevant to an assessment of the level of

seriousness of the breach.

6.10. In assessing the seriousness level, the Authority takes into account various

factors which reflect the impact and nature of the breach, and whether it was

committed deliberately or recklessly. DEPP 6.5A.2G(11) lists factors likely to be

considered ‘level 4 or 5 factors’. Of these, the Authority considers the following

factors to be relevant:

(1)
The breach created a significant risk that financial crime would be

facilitated, occasioned or otherwise occur: Bank of Beirut’s breach involved

a failure to fully address concerns that the Bank could be exploited to

facilitate financial crime. This left the firm open to the risk it might be used

to facilitate financial crime.

(2)
The breach was committed deliberately or recklessly: Bank of Beirut’s

breach was reckless because responsible individuals at the firm failed to

undertake the actions required by the Authority within the prescribed

timeframes and then provided inaccurate communications to the Authority

in relation to these actions.

6.11. The Authority also considers that the following factors are relevant:

(1)
Whether the breach has an adverse effect on markets and, if so, how

serious that effect was: Bank of Beirut’s breach involved a failure to

cooperate with the Authority to address concerns that the Bank could be

exploited to facilitate financial crime. The integrity of the UK financial

system is endangered by failures which risk the system being used for a

purpose connected with financial crime.

(2)
The frequency of the breach: Bank of Beirut’s breach involved failures to

fully implement three out of nine Remediation Plan actions and a failure to

complete the remediation of its client files as required by the deadlines set

by the Authority. The breach also involved providing five inaccurate

communications to the Authority over a six month period.

(3)
The nature of the breach: The Authority’s approach to supervision is reliant

upon firms taking on responsibility for completing actions within a specified

timeline to mitigate or resolve risks. The Authority must be able to rely

upon confirmation received from a firm that the actions have been

completed and the risks mitigated or resolved to ensure the efficacy of this

approach.

6.12. Taking all of these factors into account, the Authority considers the seriousness of

the breach to be level 4 and that the Step 2 figure is £3,000,000.

Step 3: mitigating and aggravating factors

6.13. Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the

amount of the financial penalty arrived at after Step 2, but not including any

amount to be disgorged as set out in Step 1, to take into account factors which

aggravate or mitigate the breach.

6.14. The Authority does not consider that there are any factors which aggravate or

mitigate the breach.

6.15. Step 3 is therefore £3,000,000.

Step 4: adjustment for deterrence

6.16. Pursuant to DEPP 6.5A.4G, if the FCA considers the figure arrived at after Step 3

is insufficient to deter the firm who committed the breach, or others, from

committing further or similar breaches, then the Authority may increase the

penalty.

6.17. The Authority considers that the Step 3 figure of £3,000,000 is proportionate in

relation to the nature of the breach, to meet the Authority’s objective of credible

deterrence in respect of Bank of Beirut and others. The Authority has therefore

not increased the penalty at Step 4.

6.18. Step 4 is therefore £3,000,000.

Step 5: settlement discount

6.19. Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to

be imposed agree the amount of the financial penalty and other terms, DEPP 6.7

provides that the amount of the financial penalty which might otherwise have

been payable will be reduced to reflect the stage at which the Authority and the

firm reached agreement. The settlement discount does not apply to the

disgorgement of any benefit calculated at Step 1.

6.20. The Authority and Bank of Beirut reached agreement at Stage 1 and so a 30%

discount applies to the Step 4 figure.

6.21. Step 5 is therefore £2,100,000.

Financial penalty

6.22. The Authority therefore imposes a total financial penalty of £2,100,000 on Bank

of Beirut for breaching Principle 11.

Restriction

6.23. The Authority also imposes a restriction on Bank of Beirut that for a period of 126

days from the date this Final Notice is issued, in relation to its regulated activities

only, Bank of Beirut may not acquire new customers that are resident or

incorporated in high risk jurisdictions. For the purposes of the restriction only,

high risk jurisdictions are defined as countries which have a score of 60 or below

in Transparency International’s Corruption Perceptions Index. This includes Bank

of Beirut’s core overseas markets.

6.24. The restriction the Authority imposes is a disciplinary measure in respect of Bank

of Beirut's misconduct between 1 June 2011 and 20 March 2013.

6.25. When determining whether a restriction is appropriate, the Authority is required

to consider the full circumstances of the case. The Authority will impose a

restriction where it believes that such action will be a more effective and

persuasive deterrent than the imposition of a financial penalty alone. DEPP

6A.2.3G specifies examples of circumstances where the Authority may consider it

appropriate to impose a restriction.

6.26. The Authority considers the following factors are relevant:

(1)
The firm has failed properly to carry out agreed remedial measures: the

Bank of Beirut failed to carry out remedial measures as required by the

Authority, including three Remediation Plan action points and the

remediation of its client files within the agreed timeframes. It then failed to

be open and cooperative with the Authority as to whether these actions

had been completed.

(2)
The misconduct appears to be widespread across a number of individuals

across a particular business area (suggesting a poor compliance culture): a

number of individuals were involved in Bank of Beirut’s failures to

undertake actions required by the Authority and the provision of inaccurate

communications to the Authority.

6.27. The Authority considers it appropriate to impose a restriction here in relation to

activities directly linked to the breach. Bank of Beirut’s breach left the firm open

to the risk it might be used to facilitate financial crime. The Authority considers

that a restriction affecting Bank of Beirut’s activities in relation to customers that

represent a higher risk from a financial crime perspective is appropriate.

Length of restriction

6.28. When determining the length of the restriction that is appropriate for the breach

concerned, and also the deterrent effect, the Authority will consider all the

relevant circumstances of the case. DEPP 6A.3.2G sets out factors that may be

relevant in determining the appropriate length of the restriction. The Authority

considers that the following factors are particularly relevant in this case.

Deterrence (DEPP 6A.3.2G(1))

6.29. When determining the appropriate length of the restriction, the Authority will

have regard to the principal purpose for which it imposes sanctions, namely to

promote high standards of regulatory and/or market conduct by deterring

persons who have committed breaches from committing further breaches and

helping to deter other persons from committing similar breaches, as well as

demonstrating generally the benefits of compliant business.

6.30. The Authority considers that the restriction it has decided to impose will

emphasise that the Authority must be able to rely on firms to take actions

required to mitigate or resolve risks and to be able to rely upon the information

and assurances provided by firms. It will also deter Bank of Beirut and other firms

with customers that are higher risk from a financial crime perspective from

operating with poor AML systems and controls.

The seriousness of the breach (DEPP 6A.3.2G(2))

6.31. When assessing the seriousness of the breach, the Authority takes into account

various factors (which may include those listed in DEPP 6.5A.2G(6) to (9)) which

reflect the impact and nature of the breach, and whether it was committed

deliberately or recklessly.

6.32. When considering the seriousness of the breach, the Authority has taken into

account the following factors listed at paragraphs 6.10(1) to (2) and 6.11(1) to

(3).

6.33. Taking all of these factors into account, the Authority considers the total length of

the restriction is 180 days.

Aggravating and mitigating factors (DEPP 6A.3.2G(3))

6.34. The Authority takes into account various factors (which may include those listed

in DEPP 6.5A.3G(2)) which may aggravate or mitigate a breach.

6.35. The Authority does not consider that there are any factors which aggravate or

mitigate the breach.

Impact of restriction on Bank of Beirut (DEPP 6A.3.2G(4))

6.36. When assessing the impact of the restriction on Bank of Beirut, the Authority has

taken into account the following:

(1)
Bank of Beirut’s expected lost revenue and profits from not being able to

carry out the restricted activity;

(2)
potential economic costs, for example, the payment of salaries to

employees who will not work or will have reduced work during the period

of restriction; and

(3)
the effect on other areas of Bank of Beirut’s business.

Impact of restriction on persons other than Bank of Beirut (DEPP

6.37. When assessing the impact of the restriction on persons other than Bank of

Beirut, the Authority considers the following to be relevant: the extent to which

consumers may suffer loss or inconvenience as a result of the suspension or

restriction.

6.38. Having taken into account all the circumstances of the case, including the

considerations set out at DEPP 6A.3.3G, the Authority does not consider it

appropriate to delay the commencement of the period of restriction.

Settlement discount

6.39. Bank of Beirut agreed to settle at an early stage of the Authority’s investigation.

Bank of Beirut therefore qualified for a 30% (stage 1) discount to the length of

the restriction under the Authority’s executive settlement procedures, reducing

the restriction to 126 days. Were it not for this discount, the Authority would

have imposed a restriction of 180 days on Bank of Beirut.

6.40. The Authority therefore imposes a total financial penalty of £2,100,000 on Bank

of Beirut for breaching Principle 11.

6.41. In addition to imposing a financial penalty, the Authority also imposes a

restriction on Bank of Beirut that, for a period of 126 days from the date this Final

Notice is issued, in respect of its regulated activities only, Bank of Beirut may not

acquire new customers that are resident or incorporated in high risk jurisdictions.

For the purposes of the restriction only, high risk jurisdictions are defined as

countries which have a score of 60 or below in Transparency International’s

Corruption Perceptions Index.

6.42. Pursuant to DEPP 6A.4.4G, the Authority considers that the combination of

sanctions is proportionate considering the nature and seriousness of the Principle

11 breach.

7.
PROCEDURAL MATTERS

Decision maker

7.1.
The decision which gave rise to the obligation to give this Notice was made by the

Settlement Decision Makers.

7.2.
This Final Notice is given under, and in accordance with, section 390 of the Act.

Manner of and time for Payment

7.3.
The financial penalty must be paid in full by Bank of Beirut to the Authority by no

later than 18 March 2015, 14 days from the date of the Final Notice.

If the financial penalty is not paid

7.4.
If all or any of the financial penalty is outstanding on 19 March 2015, the

Authority may recover the outstanding amount as a debt owed by Bank of Beirut

and due to the Authority.

7.5.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of

information about the matter to which this notice relates. Under those

provisions, the Authority must publish such information about the matter to which

this notice relates as the Authority considers appropriate. The information may

be published in such manner as the Authority considers appropriate. However,

the Authority may not publish information if such publication would, in the opinion

of the Authority, be unfair to you or prejudicial to the interests of consumers or

detrimental to the stability of the UK financial system.

7.6.
The Authority intends to publish such information about the matter to which this

Final Notice relates as it considers appropriate.

Authority contacts

7.7.
For more information concerning this matter generally, contact Allegra Bell (direct

line: 020 7066 8110) or Matthew Finn (direct line: 020 7066 1276) of the

Enforcement and Market Oversight Division of the Authority.

Financial Conduct Authority, Enforcement and Market Oversight Division

ANNEX A

RELEVANT STATUTORY AND REGULATORY PROVISIONS

1.
RELEVANT STATUTORY PROVISIONS

1.1.
The Authority’s statutory objectives, set out in section 1B(3) of the Act, include

integrity objective.

1.2.
Section 1D of the Act is the integrity objective: “protecting and enhancing the

integrity of the UK financial system.”

1.3.
Section 206A of the Act provides that where an authorised person has

contravened a requirement imposed on it under the Act the Authority may

impose, for such a period as it considers appropriate, such suspensions of that

person’s permissions or limitations or other restrictions in relation to the carrying

on of a regulated activity by the person as it considers appropriate. A restriction

may, in particular, be imposed so as to require the person concerned to take, or

refrain
from
taking,
specified
action.
The
period
for
which
the

suspension/restriction is to have effect may not exceed 12 months.

1.4.
Section 206(1) of the Act provides:

“If the Authority considers that an authorised person has contravened a

requirement imposed on him by or under this Act… it may impose on him a

penalty, in respect of the contravention, of such amount as it considers

appropriate."

2.
RELEVANT REGULATORY PROVISIONS

Principles for Businesses

2.1.
The Principles are a general statement of the fundamental obligations of firms

under the regulatory system and are set out in the Authority’s Handbook. They

derive their authority from the Authority’s rule-making powers set out in the Act.

The relevant Principles are as follows.

2.2.
Principle 11 provides:

“A firm must deal with its regulators in an open and cooperative way, and must

disclose to the [Authority] appropriately anything relating to the firm of which the

[Authority] would reasonably expect notice.”

DEPP

2.3.
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the

Authority’s statement of policy with respect to the imposition and amount of

financial penalties under the Act.

The Enforcement Guide

2.4.
The Enforcement Guide sets out the Authority’s approach to exercising its main

enforcement powers under the Act.

2.5.
Chapter 7 of the Enforcement Guide sets out the Authority’s approach to

exercising its power to impose a financial penalty.


© regulatorwarnings.com

Regulator Warnings Logo