Final Notice
FINAL NOTICE
To:
Barclays Bank plc
1.
ACTION
1.1.
For the reasons given in this notice, the Authority hereby imposes on Barclays a
financial penalty of £72,069,400, comprising disgorgement of £52,300,000 and a
penalty of £19,769,400, for breaches of Principle 2 (due skill, care and diligence)
during the Relevant Period (23 May 2011 to 24 November 2014).
1.2.
Barclays agreed to settle at an early stage of the Authority’s investigation.
Barclays therefore qualified for a 30% (stage 1) discount under the Authority’s
executive settlement procedures. Were it not for this discount, the Authority
would have imposed a financial penalty of £80,542,000 (comprising disgorgement
of £52,300,000 and a penalty of £28,242,000) on Barclays.
2.
SUMMARY OF REASONS
2.1.
The laundering of money through UK financial institutions undermines the
integrity of the UK financial services sector. It is the responsibility of UK financial
institutions to ensure that they minimise the risk of being used for criminal
purposes and, in particular, of facilitating money laundering or terrorist financing.
Barclays failed to do so in connection with the Transaction, which was a £1.88
billion transaction Barclays arranged during 2011 and 2012 for a number of ultra-
high net worth politically exposed persons (the Clients). As a result, Barclays
breached Principle 2, which requires Barclays to conduct its business with due
skill, care and diligence.
2.2.
Barclays established the Business Relationship with the Clients in respect of the
Transaction in 2011. The Transaction involved a structured finance transaction
comprised of investments in notes backed by underlying warrants and third party
bonds. A number of companies were used to make the investments and the
proceeds of the investments were held in a Trust of which the Clients were
beneficiaries. The target investment objective for the Transaction was a specified
rate of income with full capital guarantee over a number of decades. The
Transaction was the largest of its kind that Barclays had executed for natural
persons. Deals over £20 million were commonly referred to within Barclays as
“elephant deals” because of their size and the Transaction, which was for an
amount of £1.88 billion, was also referred to as an “elephant deal”.
2.3.
Barclays agreed to keep details of the Business Relationship, and particularly the
identities of the Clients, strictly confidential even within Barclays. In the event
that Barclays failed to do so, Barclays agreed to indemnify the Clients up to £37.7
million in compensation for the loss of confidentiality. While there is nothing
inherently wrong with firms maintaining a high level of client confidentiality, it
was Barclays’ responsibility to ensure that, by doing so, it was not limiting its
ability to follow appropriate procedures for establishing the Business Relationship.
2.4.
As a result of these confidentiality requirements, and the fact that the Transaction
required a high level of co-ordination across a number of Barclays’ business
divisions in various jurisdictions around the world, Barclays determined that its
usual processes for dealing with PEPs and assessing financial crime risks were not
appropriate for the Business Relationship. Barclays restricted the number of its
staff who were involved in the Business Relationship and sought to address the
financial crime risks that were associated with it in an ad hoc way. However, in
doing so, Barclays did not exercise due skill, care and diligence. It failed to
assess, manage and monitor those risks appropriately.
2.5.
Specifically, in breach of Principle 2:
a)
Barclays’ front office senior management at the time failed to oversee
adequately Barclays’ handling of the financial crime risks that were
associated with the Business Relationship. It was unclear which senior
managers were ultimately in charge of doing so. This lack of clarity
caused confusion and resulted in a number of failures. Specifically, those
who approved Barclays’ entry into the Business Relationship had a very
poor understanding of the financial crime risks involved and misunderstood
what their approval was for. Barclays senior management were concerned
about the speed at which the due diligence process could be completed,
with one manager expressing a desire to “race this through”;
b)
Having classified the Clients as Sensitive PEPs, Barclays failed to respond
appropriately to a number of features of the Business Relationship that
indicated a higher risk of financial crime. Barclays should have been
particularly vigilant to guard against the risk of it being used to facilitate
financial crime in view of such higher risk features;
c)
Barclays did not follow its standard procedures that it would normally
follow for establishing relationships with Sensitive PEPs or put acceptable
alternative procedures in their place. In fact, Barclays followed a less
robust process than it would have done for its other business relationships
that had a lower risk profile;
d)
Barclays failed to establish adequately the purpose and nature of the
Transaction and did not sufficiently corroborate the Clients’ stated source
of wealth and source of funds for the Transaction. These were
fundamental due diligence checks which Barclays should have carried out;
e)
Barclays failed to monitor appropriately the financial crime risks associated
with the Business Relationship on an ongoing basis. Barclays missed
opportunities after it entered into the Business Relationship to identify and
remedy gaps in its understanding of these risks; and
f)
Barclays failed to maintain adequate records of the due diligence it
undertook in connection with the Business Relationship and to ensure that
that those records were readily identifiable and capable of retrieval.
2.6.
Firms must take particular care and undertake additional due diligence when
establishing business relationships with PEPs. Barclays failed to do so despite
having classified the Clients as Sensitive PEPs and despite the exceptional size of
the Transaction. Barclays thereby threatened confidence in the UK financial
system and failed to mitigate the risk to society of financial crime.
2.7.
Barclays went to significant lengths to accommodate the Clients. It did this to
win the Clients’ business and for the significant revenue that it would generate
from the Transaction. In the early stages of arranging the deal, when it was
suggested that the Transaction might be for a larger sum, one senior manager
recognised that it could be “the deal of the century”. It was also recognised by
some within Barclays that the Transaction could open the door to similar
significant business opportunities for Barclays.
2.8.
In reaching its conclusions, the Authority has taken into account the following
considerations:
a)
the Authority has previously taken enforcement action against other firms
for failings associated with the risk of financial crime. Previous
enforcement actions have emphasised the importance of identifying and
managing appropriately the risks associated with PEPs. In 2011 the
Authority also published its Thematic Review on how banks operating in
the United Kingdom were managing the prevention of money laundering in
high risk situations and the Financial Crime Guide1. These are in addition
to the extensive guidance published by the JMLSG to assist banks in
addressing these risks. The publications referred to above emphasise the
importance of firms having robust controls in place to counter financial
crime risks, particularly when firms have customers who are PEPs. Firms
are required to apply these controls with due skill, care and diligence;
b)
the Transaction was exceptional in size. The risk of damaging confidence in
the UK market (were Barclays to be facilitating the movement of funds
that were linked to financial crime) was consequently significant;
c)
Barclays expected to generate a significant amount of revenue from the
Business Relationship by providing similar services to other clients; and
1 The Financial Crime Guide provides practical information to firms on actions they can take to counter the risk
they might be used to further financial crime. It also contains guidance on how firms can meet the
requirements of the 2007 Regulations.
d)
firms that do not meet required due diligence standards may be perceived
to have an unfair competitive (cost) advantage over firms that are
compliant; and
e)
the failings were not identified by Barclays. It was only after the Authority
entered into discussions with Barclays about the Transaction that Barclays
carried out further work to gather additional EDD information in relation to
the Business Relationship. Barclays completed this work at the end of the
Relevant Period in November 2014.
2.9.
The Authority therefore proposes to impose a financial penalty on Barclays in the
amount of £72,069,400 pursuant to section 206 of the Act.
2.10. Since the Authority entered into discussions with Barclays about the Transaction,
Barclays has committed significant time and resources to carrying out further
work to gather additional EDD information in relation to the Business
Relationship. In addition, the Authority recognises that Barclays has fully co-
operated with the Authority’s investigation.
2.11. The Authority does not make any finding that financial crime was facilitated by
Barclays, or regarding the provenance of the funds invested in connection with
the Business Relationship. Nor does the Authority make any finding that the
revenue that Barclays generated from the Transaction was derived from any
financial crime. The Authority makes no criticism of the Clients in this Notice.
3.
DEFINITIONS
3.1.
The definitions below are used in this Final Notice:
“the 2007 Regulations” means the Money Laundering Regulations 2007, which
came into force on 15 December 2007;
“the Act” means the Financial Services and Markets Act 2000;
“AML” means anti-money laundering;
“the Authority” means the body corporate previously known as the Financial
Services Authority and renamed on 1 April 2013 as the Financial Conduct
Authority;
“Barclays” means Barclays Bank plc;
“Business Relationship” means the business relationship entered into between
Barclays and the Clients in respect of the Transaction;
“CDD” means customer due diligence measures as defined in regulation 5 of the
2007 Regulations and included in the Annex to this Notice;
“Clients” means the ultra-high net worth individuals on whose behalf Barclays
arranged and executed the Transaction;
“Confidentiality Agreement” means the confidentiality agreement executed by
Barclays in connection with the Business Relationship and pursuant to which
Barclays was obliged, among other things, to keep the identity of the Clients
confidential;
“Credit Side Letter” means the letter Barclays signed in connection with the
Transaction described in paragraph 4.15(c) below;
“DEPP” means the Authority’s Decision Procedures and Penalties Manual;
“EDD” means enhanced customer due diligence measures. The circumstances
where EDD should be applied are set out in regulation 14 of the 2007
Regulations;
“enhanced ongoing monitoring” of a business relationship is defined in regulation
8 of the 2007 Regulations and included in the Annex to this Notice;
“Financial Crime Guide” means the Authority’s guidance entitled “Financial crime:
a guide for firms” published on 9 December 2011;
“financial crime risks” means the risks of money laundering and terrorist
financing;
“JMLSG” means the Joint Money Laundering Steering Group. The JMLSG is a
body comprised of the leading UK trade associations in the financial services
sector;
“JMLSG Guidance” means the guidance issued by the JMLSG and approved by a
Treasury Minister on compliance with the legal requirements in the 2007
Regulations, regulatory requirements in the Authority’s Handbook and evolving
practice within the financial services industry. The JMLSG Guidance sets out good
practice for the UK financial services sector on the prevention of money
laundering and combatting terrorist financing;
“PEP” means a Politically Exposed Person as defined in regulation 14(5) of the
2007 Regulations and set out in the Annex to this Notice;
“Principles” means the Authority’s Principles for Businesses which are part of the
Authority’s Handbook;
“Relevant Period” means 23 May 2011 to 24 November 2014;
“Representation Letter” means the letter that Barclays signed in connection with
the Transaction to confirm Barclays had performed all necessary CDD on the
Clients, as described in paragraph 4.15(a) below;
“Sensitive PEP” is defined in Barclays’ internal policies as a PEP in relation to
whom there is a greater level of risk or exposure to bribery or corruption because,
for example, they reside or are located in certain high risk countries, occupy
particular senior ranking roles or whose occupation involves an industry that is
especially susceptible to bribery or corruption;
“Thematic Review” means the Authority’s thematic review published in June 2011
entitled “Banks’ management of high money-laundering risk situations”;
“Transaction” means the £1.88 billion transaction Barclays arranged and executed
during 2011 and 2012 for the Clients;
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber);
“Trust” means the trust into which the proceeds of the investment made as a
result of the Business Relationship were held;
“Trust Deed” means the deed establishing and setting out the terms of the Trust;
and
“Trust Letter” means the letter Barclays signed in connection with the Business
Relationship acknowledging, among other things, that the identity of the
beneficiaries of the Trust could change under certain circumstances, as described
in paragraph 4.15(b) below.
4.
FACTS AND MATTERS
4.1.
Barclays is a full service bank headquartered in London with operations in retail,
wholesale and investment banking, as well as wealth management, mortgages
and credit cards. It has a strong market presence both in the United Kingdom
and globally. It has been authorised by the Authority since 1 December 2001 to
perform a number of regulated activities.
Legal and regulatory obligations
4.2.
In order to prevent the UK financial system being exposed to financial crime risks,
regulated firms are required to comply with certain obligations when entering into
new business relationships. These obligations are set out in the Authority’s
Handbook and the 2007 Regulations and are supported by the JMLSG Guidance,
together with statements from the Authority and other bodies.
4.3.
Relevant extracts from the Authority’s Handbook, 2007 Regulations and the
JMLSG Guidance are set out in the Annex to this Notice.
The Authority’s Thematic Review and Financial Crime Guide
4.4.
In June 2011 the Authority published the findings of its Thematic Review of how
banks operating in the UK were managing the prevention of money laundering in
high risk situations. This included a number of good and poor practice examples
for firms to consider when establishing business relationships with PEPs, such as
the Clients. This was followed by the Authority’s publication of the Policy
Statement “Financial Crime: a guide for firms” in December 2011 which contained
guidance on the steps that firms could take to counter the risk of being used to
further financial crime, including in their dealings with PEPs.
PEPs and Sensitive PEPs
4.5.
Barclays often deals with ultra-high net worth customers and customers classified
as PEPs. PEPs are defined in the 2007 Regulations and include individuals outside
the UK who may be able to abuse their public position for private gain. PEPs
susceptible to an even greater risk of bribery or corruption (for example, because
they reside or are located in certain countries, occupy particular senior ranking
roles or whose occupation involves an industry that is especially susceptible to
bribery or corruption) were classified by Barclays as Sensitive PEPs.
4.6.
Barclays classified the Clients as Sensitive PEPs.
Due diligence and monitoring requirements
4.7.
The 2007 Regulations and the JMLSG Guidance require firms to undertake CDD by
gathering documents, data or other information about prospective customers.
This is in order to identify and verify the identity of the customer or (in the case
of corporate entities, trusts and other arrangements) the customer’s ownership
and control structure, and to establish the purpose and intended nature of the
proposed business relationship.
4.8.
When a customer is classified as a PEP, a firm is required to undertake EDD on a
risk sensitive basis in order to further mitigate the increased risks of financial
crime associated with such customers. The 2007 Regulations require firms to
take adequate and meaningful measures with regard to PEPs to establish, in
addition to the purpose and nature of the business relationship, the source of the
customer’s wealth and the source of funds to be involved in the business
relationship. A firm is also required under the 2007 Regulations to conduct
enhanced on-going monitoring of its business relationships with PEPs.
4.9.
Furthermore, Barclays’ procedures required that its relationships with Sensitive
PEPs be subject to an annual review process whereby account activity and
updated EDD information would be reviewed and a decision would be taken to
either retain or end the relationship with the Sensitive PEP.
The Transaction
4.10. During 2011 Barclays was asked to arrange and execute the Transaction.
Barclays was keen to do so for various reasons, in addition to winning the Clients’
business and the significant revenue that it would generate from the Transaction.
In the early stages of arranging the deal, when it was suggested that the
Transaction might be for a larger sum, one senior manager recognised that it
could be “the deal of the century”. It was also recognised by some within
Barclays that the Transaction could open the door to similar significant business
opportunities for Barclays.
4.11. Prior to Barclays arranging the Transaction, Barclays agreed to enter into the
Confidentiality Agreement which sought to keep knowledge of the Clients’ identity
restricted to a very limited number of people within Barclays and its advisers. In
the event that Barclays breached these confidentiality obligations, it would be
required to indemnify the Clients up to £37.7 million. The terms of the
Confidentiality Agreement were onerous and were considered by Barclays to be
an unprecedented concession for clients who wished to preserve their
confidentiality.
4.12. In view of these confidentiality requirements, Barclays determined that details of
the Clients and the Transaction should not be kept on its computer systems. A
select team, including representatives from senior management, was brought
together from across Barclays’ divisions and offices around the world to carry out
the checks required to establish the Business Relationship and to arrange and
execute the Transaction.
4.13. The Transaction involved the use of a number of companies and a trust across
multiple jurisdictions, which Barclays understood was to preserve the Clients’
confidentiality. It was a structured finance transaction comprised of investments
in notes backed by underlying warrants and third party bonds. The target
investment objective for the Transaction was a specified rate of income with full
capital guarantee over a number of decades. The proceeds of the investment
were held in the Trust of which the Clients were beneficiaries.
4.14. Barclays had an initial understanding of the extent of the investment that each of
the Clients proposed to make in the Transaction. At this point it was proposed
that one of the Clients (“Client A”) would take a proportion of the proceeds of the
Transaction but Client A would not contribute any of the capital for the
Transaction. Barclays understood from the Clients that this was in consideration
of services provided by Client A. Barclays questioned the economic rationale for
this approach and suggested that the Clients answer a series of questions for EDD
purposes in order to ascertain the economic rationale and the exact nature of the
services provided by Client A. However, at a subsequent meeting between
Barclays and the Clients, it was agreed that the funding structure of the
Transaction would instead revert to Client A contributing capital to the
Transaction in the same proportion as Client A’s share of the proceeds of the
Transaction. In light of these changes, Barclays also agreed at the same meeting
not to require the Clients to answer Barclays’ additional EDD questions.
4.15. In connection with the Business Relationship, Barclays signed the following
a)
the Representation Letter, which stated that Barclays had performed the
necessary EDD, including in relation to the ultimate beneficial ownership of
the funds invested in the Transaction and the proceeds from it. For the
reasons given in this Notice, the Authority does not consider that Barclays’
EDD on the Transaction was sufficient;
b)
the
Trust
Letter,
which
was
subsequently
combined
with
the
Representation Letter into a single document acknowledging, among other
things, that the beneficiaries of the Trust could change under certain
circumstances; and
c)
the Credit Side Letter, which stated that, if required, Barclays would
provide one of the companies involved in the Transaction with an open line
of credit, in the amount of up to 60% of the value of the assets invested in
the Transaction, for the life of the investment and secured against all or
any part of those assets. If Barclays was unable to provide the credit
referred to in the letter, Barclays agreed to pay several millions of US
dollars to the relevant company.
Higher risk indicators
4.16. During the Relevant Period, Barclays was required to apply EDD measures in
relation to the Business Relationship on a risk-sensitive basis. In determining
what EDD measures it should apply, it was required to have regard to those
features of the Business Relationship which, by their nature, presented a higher
risk of financial crime.
4.17. There were in fact a number of features regarding the Business Relationship that
indicated a higher risk of financial crime and that should have prompted Barclays
to gather more detailed EDD information beyond that which was normally
required under its standard procedures, including the following:
a)
The size of the Transaction was exceptional in that it comprised a £1.88
billion transaction. Large transactions are not necessarily problematic but if
firms do not undertake adequate EDD and it is later discovered that funds
invested were associated with criminal or terrorist activity, the harm that
could be caused to the integrity of the UK financial system and to society
could be, commensurately, very significant;
b)
Barclays encountered instances where it experienced difficulties obtaining
adequate documents, details and explanations it required for EDD
purposes from the Clients. Barclays was reluctant to obtain information
due to perceived sensitivities with the Clients providing information. For
example, Barclays did not obtain a full copy of the Trust Deed from the
Clients, notwithstanding that the Clients had agreed to make changes to
the document following discussions with Barclays. The changes related to
the ultimate beneficial owners of the proceeds of the Transaction and the
circumstances in which the beneficial owners could change. In these
circumstances Barclays should have obtained a copy of the Trust Deed to
satisfy itself that these changes had been reflected in the document.
Barclays eventually accepted that it was too difficult to obtain a complete
copy of the Trust Deed and proceeded to establish the Business
Relationship without first having had sight of the document. While wealthy
clients may tend to be more vigilant in protecting their privacy, firms
should be alive to the risks of making compromises about the provision of
information;
c)
Barclays agreed to adhere to exceptional levels of confidentiality. While
there is nothing inherently wrong with a client seeking reassurance that its
business will be conducted discreetly, the Confidentiality Agreement
imposed strict levels of confidentiality and should have prompted Barclays
to take extra care to ensure that by agreeing to such measures it was not
limiting its ability to follow appropriate procedures for establishing the
Business Relationship;
d)
The investment structure involved, over multiple jurisdictions, offshore
companies, a trust and several temporary bank accounts in different
currency denominations. Some of the accounts into which funds were
received as part of this structure were set up solely to transfer funds and
then closed. While there are often legitimate reasons for such complex
structures, firms must apply a higher level of due diligence in order to
satisfy themselves that there are sound economic or other reasons for
their use. Barclays accepted that in this case, it was for confidentiality
reasons. However, the Financial Crime Guide outlines that the use of
offshore companies (particularly those that are rapidly dissolved following
the flow of funds through them), trusts, and temporary accounts is also
common in the conduct of financial crime because these can obscure the
flow of funds obtained illegally or from an illegitimate source, or which are
to be used to fund illegal activities;
e)
At one point while arranging the Transaction, the Clients requested that
Barclays make a payment of several tens of millions of US dollars to a
third party. When Barclays questioned the rationale for that payment, the
request for the payment to be made to the third party was withdrawn.
While there could have been legitimate reasons for the proposed payment
and its subsequent retraction, Barclays should have considered whether
the reluctance to provide it with an explanation indicated a higher risk of
financial crime and whether it needed to apply a higher level of scrutiny in
respect of the Business Relationship;
f)
The Representation Letter may have indicated a reluctance on the part of
the Clients to provide further due diligence information to Barclays
following the establishment of the Business Relationship, including as part
of Barclays’ on-going monitoring of the risks of money laundering and
terrorist financing associated with the Business Relationship. Pursuant to
the Representation Letter, Barclays confirmed that it was satisfied that it
had performed all of the necessary account opening and related due
diligence processes in accordance with its legal and regulatory obligations.
It was not clear how the Representation Letter would impact Barclays’
ability to request further due diligence information should it be required.
There was a risk that it could have restricted Barclays’ ability to do so.
Barclays did not typically provide confirmations of this nature to its clients;
g)
Barclays agreed to extend the credit described in the Credit Side Letter.
The extension of credit to clients who use their own assets as collateral
poses a money laundering risk. In these circumstances, Barclays should
have taken additional steps to satisfy itself that the origin and source of
the funds for Transaction were legitimate;
h)
The funds invested in the Transaction were sent to Barclays in over 20
separate transfers. Barclays understood that the names of the Clients
would be identifiable on the transfers and it was relying on this to meet its
legal requirements to establish the source of the funds. However, the
names were omitted on the transfers. Barclays should have recognised
that this presented a higher risk of financial crime and challenged the
omission of such information; and
i)
Barclays relied on letters attesting to the source of funds for the
Transaction that were too general in nature and insufficient to allow
Barclays to independently satisfy its EDD obligations. Barclays should
have obtained independent evidence so as to satisfy itself of the source of
funds, especially given the size of the investment and other potential
indicators of a higher risk of financial crime.
4.18. The substantial number of factors described in paragraph 4.17 above indicated
that there was a higher risk of financial crime associated with the Business
Relationship. The 2007 Regulations required that Barclays, in such circumstances,
apply due diligence checks that were proportionate to and mitigated these risks,
specifically by obtaining more information about the Clients and the Transaction
than it would if these factors had not been present. However, for the reasons
given in paragraphs 4.19 to 4.52 below, Barclays failed to do so. In fact, Barclays
gathered less information than it was required to by its policies for its other
standard business relationships.
Failures in senior management oversight and approval
Failures in senior management oversight
4.19. It was unclear who, if anyone, within Barclays’ front office senior management at
the relevant time was responsible overall for overseeing Barclays’ handling of the
financial crime risks associated with the Business Relationship.
4.20. Overall, there was a lack of centralised co-ordination within Barclays to ensure
that roles and responsibilities were apportioned appropriately and that the right
people had the relevant information to make informed and appropriate decisions
about these financial crime risks.
Failures in approval
4.21. Pursuant to the 2007 Regulations, it was the responsibility of Barclays’ senior
management to approve Barclays’ entry into the Business Relationship, subject to
first having a sufficient understanding of the financial crime risks that were
associated with it. Only by understanding these potential risks would senior
managers be able to satisfy themselves, having regard to the nature and level of
such risks, that Barclays was not inadvertently allowing itself to be used to further
financial crime in the course of establishing the Business Relationship. The role of
Barclays’ front office senior management was particularly important in this
context. This is because front office staff typically develop strong personal
relationships with a firm’s clients, which can facilitate the collection of necessary
information to know the client’s business, including knowledge of the source(s) of
the client’s wealth.
4.22. Barclays had a standard process for approving its entry into business
relationships with PEPs. However, it did not fully apply this process to the
Business Relationship.
4.23. Specifically, Barclays’ usual process required the following approvals to be given:
a)
The front office was required to approve the entry into the business
relationship, and specifically that the PEP had been identified properly, had
a good reputation and legitimate source of wealth which was adequately
documented in line with Barclays’ due diligence procedures, and that
Barclays understood the nature of any financial crime risks associated with
the PEP; and
b)
Barclays’ compliance staff were required to approve any relationship with a
PEP by confirming that the relevant business area within Barclays had
classified the PEP appropriately (for example, that the Clients were
classified appropriately as Sensitive PEPs) and to confirm the front office’s
decision to proceed with the business relationship.
4.24. While several members of Barclays’ senior management were aware of and
endorsed the Transaction, there was no consistent understanding among the
senior managers who were working on the Transaction as to who would be
approving Barclays’ entry into the Business Relationship and the nature of the
approvals that they would each be giving. For example, during interviews with the
Authority, five different individuals were identified as giving part of the approval
referred to in paragraph 4.23(a) above.
4.25. Those who were identified on Barclays’ systems as having given the approval
referred to in paragraph 4.23(a) above did not know that they were named on
Barclays’ computer system as having given this approval. They did not accept
that they had this responsibility in interviews with the Authority. They did not
consider appropriately the adequacy of the EDD information obtained in relation
to the Clients or otherwise understand sufficiently the financial crime risks
associated with the Business Relationship (including all of the high risk features
referred to in paragraph 4.17 above). The approvals were given despite these
individuals not knowing the identities of the Clients, or having an understanding
of the potential financial crime risks. This was wholly inadequate.
4.26. The front office senior management assumed that the responsibility for assessing
the financial crime risks rested elsewhere. There was an overreliance by senior
management on Legal and Compliance to evaluate the EDD as part of Barclays’
assessment of the financial crime risks, despite the fact that senior management
were responsible for doing so.
4.27. On the basis of the EDD information available to it at that time (which, as outlined
in paragraphs 4.32 to 4.47 below, was inadequate) Legal and Compliance did
confirm that the appropriate level of EDD had been conducted, including that the
PEPs had been properly identified, and that the Clients’ sources of wealth were
legitimate. This was not compliant with Barclays’ usual procedures that required
the front office to give this confirmation. In addition, Legal and Compliance did
not have the benefit of the knowledge held by front office senior management
about the Business Relationship and a number of relevant issues that had
emerged during negotiations between the Clients and senior management.
4.28. The approvals referred to in paragraph 4.27 above were, in any event, given after
Barclays had received the funds to be used in the Transaction. If in fact Barclays
had identified any concerns regarding the source of funds as part of this approval
process, it would have been too late for Barclays to avoid handling the funds.
4.29. By not following its usual approval process to establish the Business Relationship
or an acceptable alternative process, Barclays made inappropriate exceptions for
the Clients to facilitate its entry into the Business Relationship. It applied lower
standards for giving such approval than it did for its other business relationships.
Insufficient consideration of risks
4.30. Barclays’ senior management failed to carry out a sufficiently comprehensive and
robust review of the financial crime risks associated with the Business
Relationship. It did not assess those risks appropriately, or consider sufficiently
whether they were within Barclays’ tolerance for such risks. Barclays chose not
to follow its standard processes for reviewing such risks because of the
confidentiality obligations that it agreed to adhere to in respect of the Business
Relationship. Typically, where Barclays was dealing with complex transactions or
PEPs, it would do one or more of the following:
a)
make a referral to the relevant Barclays risk committee. The risk
committee typically considered specific reputational risks associated with
Barclays’ high profile clients and transactions and assisted Barclays to
mitigate the likelihood of Barclays entering into potentially damaging or
inappropriate business relationships. However, the relevant risk
committee was not consulted in relation to the Business Relationship.
While some members of the relevant risk committee were briefed about
and were also involved in arranging and negotiating the Transaction, they
did not consider collectively or sufficiently the factors referred to in
paragraph 4.17;
b)
utilise Barclays’ internal risk expertise to conduct a detailed due diligence
analysis; and/or
c)
commission an independent third party intelligence report to clarify gaps in
Barclays’ understanding of the source and quantum of the Clients’ wealth.
4.31. Despite deciding that its usual procedures described above were not suitable for
the Business Relationship, Barclays failed to implement an acceptable alternative
process for considering such risks. In fact, Barclays applied a lower standard for
reviewing the financial crime risks associated with the Business Relationship than
it typically did for its other business relationships with PEPs.
Inadequate EDD
4.32. Prior to entering into the Business Relationship, Barclays should have gathered
detailed EDD information about the Clients, especially given that they had been
classified as Sensitive PEPs by Barclays. Such information should have informed
Barclays’ decision on whether or not to proceed with the Business Relationship
and, if Barclays determined that it was appropriate for it to do so, how Barclays
should mitigate the financial crime risks that were associated with it.
4.33. In determining the level and nature of the EDD information that it was required to
gather, Barclays should have identified and had regard to the higher risk
indicators referred to in paragraph 4.17 above. While these indicators may have
been identified and considered by some Barclays staff, they were not considered
holistically within Barclays and insufficient action was taken to mitigate them.
4.34. Given the existence of the higher risk indicators associated with the Transaction,
Barclays should have performed a more robust and thorough EDD process than it
normally would undertake for its other clients classified as Sensitive PEPs.
However, Barclays went to significant lengths to accommodate the Clients to
ensure that it won their business. Barclays’ approach was to request information
only if it was absolutely necessary and did not want to “irritate” the Clients with
multiple requests for due diligence information. This resulted in a number of
exceptions and Barclays ultimately failed to gather adequate EDD. In fact, the
standard of EDD applied by Barclays in respect of the Business Relationship was
much lower than that which it normally applied to other clients.
4.35. Firms that do not meet minimum standards for mitigating the risks of financial
crime may be perceived to have an unfair competitive (cost) advantage over
firms that are compliant. Effective enforcement action provides a significant
disincentive to non-compliance and therefore encourages firms to compete in
legitimate ways that benefit consumers.
Insufficient information about the purpose and nature of the Business
Relationship
4.36. Barclays failed to establish an adequate understanding of the purpose and
intended nature of the Clients’ investments in the Business Relationship such that
it could assess properly the potential financial crime risks associated with it. It
obtained only a brief oral explanation of the purpose of one of the Clients’
investments.
4.37. As a result of this failure, at no point was Barclays in a position to perform
adequately the enhanced ongoing monitoring referred to in paragraphs 4.48 to
4.50 below.
Insufficient corroboration of the Clients’ source of wealth
4.38. In higher risk situations such as the Business Relationship, it is not usually
sufficient for a firm simply to establish that its clients are wealthy without
identifying specific sources of wealth such as legacies, specific property
ownership, specific investments or business interests.
4.39. Barclays obtained one explanation about the Clients’ sources of wealth, which
described them as “landholdings, real estate and business and commercial
activities”. This was wholly inadequate and virtually meaningless in the context
of the due diligence that Barclays was required to undertake in connection with
the Business Relationship.
4.40. Barclays also relied on printouts from publicly available internet pages to verify
the Clients’ sources of wealth. However, while internet research can be a useful
source of information for firms carrying out EDD, the articles used by Barclays did
not provide sufficiently detailed, meaningful or reliable information as to the size
and source of the Clients’ wealth.
4.41. Barclays could have taken a number of steps to obtain more meaningful
information regarding the Clients’ sources of wealth, particularly in view of the
higher risk indicators identified in paragraph 4.17 above, including obtaining:
a)
a description of the Clients’ sources of wealth from the Clients themselves,
which was sufficiently detailed to enable Barclays to satisfy itself that the
Clients’ wealth had been legitimately obtained;
b)
independently verified documents evidencing the Clients’ sources of wealth
(for example, evidence of titles, copies of trust deeds, audited accounts
and/or bank statements); and/or
c)
as referred to in paragraph 4.30(b) and (c) above, a detailed due diligence
analysis utilising Barclays’ internal risk expertise and an independent third
party intelligence report regarding the source and quantum of the Clients’
wealth.
4.42. It was relatively common practice for Barclays to commission third party
intelligence reports on clients classified as Sensitive PEPs or where a client’s
source of wealth was not easy to corroborate with independently verifiable
evidence. However, a report of this nature was not commissioned in respect of
the Clients. Barclays’ senior management working on the Business Relationship
did not consider requesting this type of report or check whether such a report had
been commissioned.
4.43. Barclays failed to take steps with regard to the Transaction that it would normally
take to establish and corroborate the source of wealth of its other customers who
are PEPs. As a result, the standard of EDD applied was lower than that applied to
other clients, even those that were not considered to be Sensitive PEPs and with
regard to transactions that were significantly smaller in size.
Insufficient corroboration of the Clients’ source of funds
4.44. Barclays’ understanding was that the Clients’ names would be identifiable on the
transfers of their funds to Barclays for the Transaction. However, they were not.
Barclays should have challenged the omission of this information. Instead,
Barclays sought to verify the source of funds through attestation letters. The
attestation letters were too general in nature and insufficient to allow Barclays to
independently verify the Clients’ source of funds.
4.45. In situations such as the Business Relationship where there are several
indications of a heightened risk of financial crime, it is not sufficient for firms to
rely on very general attestations instead of obtaining independent evidence so as
to satisfy themselves as to the clients’ source of funds. They should obtain more
detailed evidence. This failure on the part of Barclays was particularly serious
since these attestations were received only after the funds for the Transaction
had been received by Barclays.
4.46. Accordingly, at the time the funds were transferred, Barclays was not in a position
to satisfy itself of the:
a)
identity of the accounts that the funds for the Transaction had come from;
b)
length of time that the funds had been in these accounts; and
c)
provenance of the funds that were in those accounts and ultimately used
for the Transaction.
4.47. Examples of the types of information that Barclays could have gathered in relation
to the Clients’ source of funds included the following:
a)
bank statements for the Clients’ accounts that contained the funds that
were used for the Transaction and antecedent accounts, which may have
provided further information about the matters referred to in paragraph
4.15(a) to (c) above;
b)
documentary evidence establishing the specific investments or business
interests that generated the funds that were ultimately used in the
Transaction (examples include title deeds, investment statements, trust
deeds, business accounts and/or commission contracts); and/or
c)
confirmation of the Client’s names on the SWIFT transfers pursuant to
which Barclays received the funds invested in the Transaction.
Inadequate enhanced ongoing monitoring
4.48. As the Clients were classified as Sensitive PEPs by Barclays, once the Business
Relationship was approved and the Transaction executed, Barclays was required
to conduct enhanced ongoing monitoring of the financial crime risks associated
with the Business Relationship for its entire duration. However, having failed to
obtain sufficient information about the purpose of the Clients’ investments as part
of the Transaction and the sources of the Clients’ wealth and funds, Barclays was
never in a position to monitor such risks appropriately on an ongoing basis.
4.49. Barclays decided to omit the names of the Clients from its internal electronic
systems in order to comply with the terms of the Confidentiality Agreement. As a
result, automated checks that would typically have been carried out against the
Clients’ names were not undertaken. Such checks would have included regular
overnight screenings of client names against sanctions and court order lists. If,
for example, the Clients had become the subjects of law enforcement proceedings
in any jurisdiction, Barclays could have been unaware of such a development. No
adequate alternative manual process for carrying out such checks was established
by Barclays.
4.50. While Barclays did put in place automated transaction monitoring on the
Transaction which was designed to identify potentially suspicious or unusual
activity, the threshold for triggering alerts under this system was not tailored to
the nature of the expected activity on the relevant accounts and was inadequate
in the absence of alternate manual monitoring of the account. As a result, a
number of significantly large payments made in connection with the Transaction
passed through Barclays monitoring system without triggering any alerts.
Inadequate record keeping
4.51. Barclays should have maintained adequate records of the EDD it undertook in
relation to the Business Relationship to demonstrate its compliance with the 2007
Regulations and ensure that it could quickly and easily respond to requests for
this information from the Authority if required.
4.52. When the Authority requested information from Barclays regarding the EDD
information it had gathered on the Clients, Barclays could not respond promptly
to this request. Some documents relating to the Business Relationship were held
by Barclays in hard copy in a safe purchased specifically for storing information
relating to the Business Relationship. This was Barclays’ alternative to storing the
records electronically. While there is nothing inherently wrong with keeping
documents in hard copy, they must be easily identifiable and retrievable.
However, few people within Barclays knew of the existence and location of the
safe. In addition, Barclays had to conduct manual searches for other information
in relation to the Business Relationship that had not been stored in the safe,
which took a substantial amount of resource and time to gather. This was
indicative of Barclays’ failure to put in place a robust process for storing and
retrieving such documents. Barclays was also overly reliant on undocumented
front office knowledge of the Clients during the EDD process. Such reliance on
undocumented staff knowledge is specifically highlighted in the Financial Crime
Guide as an example of poor practice.
5.
FAILINGS
5.1.
The regulatory provisions relevant to this Final Notice are referred to in Annex A.
5.2.
During the Relevant Period, Barclays breached Principle 2 by failing to identify,
assess, manage and monitor, with due skill, care and diligence, the financial
crime risks associated with the Business Relationship.
5.3.
Barclays failed to follow its own standard procedures, failed to implement any
adequate alternative procedures, and failed to have sufficient regard to the
JMLSG Guidance and other relevant guidance in issue during the Relevant Period.
Barclays focused on its objective of entering into the Business Relationship and
executing the Transaction quickly and on the exceptional confidentiality
restrictions in place, rather than on the importance of completing the EDD
required and making a careful and considered assessment of the potential
financial crime risks.
5.4.
Barclays failed to act with due skill, care and diligence in breach of Principle 2, in
particular:
a)
Having
classified
the
Clients
as
Sensitive
PEPs,
Barclays
failed
appropriately to respond to the higher risk indicators associated with the
Business Relationship (paragraphs 4.17(a) to 4.17(i) above). It did not
conduct a sufficiently comprehensive and robust review of the financial
crime risks associated with the Business Relationship (paragraphs 4.30 to
4.31);
b)
Barclays failed to oversee adequately its handling of the financial crime
risks that were associated with the Business Relationship. It entered into
the Business Relationship despite its failure to first have a sufficient
understanding of the financial crime risks that were associated with it. It
also failed to ensure that roles and responsibilities were apportioned
appropriately for the purpose of approving the Business Relationship
(paragraphs 4.19 to 4.29);
c)
Barclays failed to follow its standard procedures that it would normally
follow for establishing relationships with Sensitive PEPs or put acceptable
alternative procedures in their place. Barclays followed a less robust
process than it would have done for other business relationships with a
lower risk profile (paragraphs 4.30 to 4.31);
d)
Barclays failed to gather sufficient EDD information before entering into
the Business Relationship and in doing so, it failed to sufficiently
understand the purpose and intended nature of the Transaction and to
corroborate sufficiently the source of wealth and funds to be used in the
Business Relationship (paragraphs 4.32 to 4.47);
e)
Barclays did not undertake sufficient enhanced ongoing monitoring of the
potential financial crime risks that may have been associated with the
Business Relationship (paragraphs 4.48 to 4.50); and
f)
Barclays failed to maintain adequate records of the EDD it undertook in
connection with the Business Relationship and to ensure that those records
were readily identifiable and capable of retrieval (paragraphs 4.51 and
4.52).
6.
SANCTION
6.1.
The Authority has considered the disciplinary and other options available to it and
has concluded that a financial penalty is the appropriate sanction in the
circumstances of this particular case.
6.2.
The Authority’s policy on the imposition of financial penalties is set out in Chapter
6 of the Authority’s Decision Procedure & Penalties Manual (“DEPP”). In respect of
conduct occurring on or after 6 March 2010, the Authority applies a five-step
framework to determine the appropriate level of financial penalty. DEPP 6.5A sets
out the details of the five-step framework that applies in respect of financial
penalties imposed on firms.
Step 1: disgorgement
6.3.
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to
quantify this.
6.4.
At the time Barclays entered into the Business Relationship, the Authority has
determined that Barclays had failed to comply with its obligations as described in
this Notice. Barclays should not in these circumstances have proceeded to
arrange and execute the Transaction. Accordingly, the Authority has determined
that Barclays derived a direct financial benefit in the form of the revenue it
recognised in relation to the arrangement and execution of the Transaction. This
revenue amounts to £52,300,000.
6.5.
The Authority does not make any finding that the £52,300,000 in revenue that
Barclays generated from the Transaction was derived from any financial crime.
6.6.
The Step 1 figure is therefore £52,300,000.
Step 2: the seriousness of the breach
6.7.
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that
reflects the seriousness of the breach. Where the amount of revenue generated
by a firm from a particular product line or business area is indicative of the harm
or potential harm that its breach may cause, that figure will be based on a
percentage of the firm’s revenue from the relevant products or business area.
6.8.
The Authority considers that the total revenue received by Barclays in relation to
the Business Relationship, £52,300,000 is indicative of the harm or potential
harm caused by its breach. The relevant revenue is therefore £52,300,000.
6.9.
In deciding on the percentage that forms the basis of the Step 2 figure, the
Authority considers the seriousness of the breach and chooses a percentage
between 0% and 20%. This range is divided into five fixed levels which represent,
on a sliding scale, the seriousness of the breach; the more serious the breach, the
higher the level. For penalties imposed on firms there are the following five
Level 1 – 0%
Level 2 – 5%
Level 3 – 10%
Level 5 – 20%
6.10. For the purposes of this case, the Authority has applied the same range of
percentages.
6.11. In assessing the seriousness level, the Authority takes into account various
factors which reflect the impact and nature of the breach, and whether it was
committed deliberately or recklessly. DEPP 6.5A.2G(11) lists factors likely to be
considered ‘level 4 or 5 factors’. Of these, the Authority considers the following
factor to be relevant:
a)
given the size of the Transaction and Barclays’ failures in carrying out due
diligence, the breach created a significant risk that financial crime could be
facilitated, occasioned or would otherwise occur. There was therefore a
serious risk of damaging confidence in the UK market.
6.12. The Authority also considers the following factors to be relevant:
a)
despite the involvement of a number of senior managers at various points
during the Business Relationship, Barclays failed to assess, manage and
monitor adequately the financial crime risks that were potentially
associated with the Business Relationship;
b)
the significant number of higher risk indicators should have prompted the
firm to apply a higher level of scrutiny to the financial crime risks
associated with the Business Relationship. Barclays failed to address these
and did not consider sufficiently whether the risks associated with the
Business Relationship were within its financial crime risk appetite. In fact,
the firm obtained less detailed information than it would have obtained for
other business relationships of a lower risk and failed to follow its own
procedures;
c)
Barclays expected to generate significant revenue from the Business
Relationship and potentially also by providing similar services to other
clients; and
d)
Barclays did not identify the issues associated with the Business
Relationship as outlined in this Notice and did not seek to address these
until the intervention of the Authority.
6.13. Taking all of these factors into account, the Authority considers the seriousness of
the breach to be level 4 and so the Step 2 figure is 15% of £52,300,000.
6.14. The Step 2 figure is therefore £7,845,000.
Step 3: mitigating and aggravating factors
6.15. Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.16. The Authority considers that the following factors aggravate the breach:
a)
the Authority and the JMLSG have published a number of documents
highlighting the money laundering and terrorist financing risks associated
with firms entering into business relationships with PEPs and the standards
expected of firms when dealing with such customers. The most significant
publications include the JMLSG Guidance, Thematic Review and Financial
Crime Guide, which set out good practice examples to assist firms in
interpreting the 2007 Regulations. Given the number and detailed nature
of such publications, and past enforcement action taken by the Authority in
respect of similar failings by other firms, Barclays should have been aware
of the importance of appropriately assessing, managing and monitoring
the money laundering and terrorist financing risks that could have been
associated with the Business Relationship, particularly as the Clients were
classified as Sensitive PEPs; and
b)
Barclays’ previous disciplinary history:
i.
19 August 2009: £2.5 million penalty for breaches of Principles 2
and 3 relating to Barclays’ submissions of inaccurate transaction
reports to the Authority in an estimated 57.5 million transactions;
ii.
14 January 2011: £7.7 million penalty for breaches of Principle 9
and COBS 9.2.1R relating to the provision of unsuitable investment
advice to retail customers;
iii.
27 June 2012: £59.5 million penalty for breaches of Principles 2, 3
and 5 for misconduct relating to its submissions of rates which
formed part of LIBOR;
iv.
23 May 2014: £26 million penalty for breaches of Principles 3 and 8
for failing to manage conflicts of interest, as well as systems and
controls failings in relation to London Gold Fixing;
v.
23 September 2014: £37.7 million penalty for breaches of Principles
3 and 10 for failing to adequately handle and have adequate
systems and controls to protect £16.5 billion of its client assets;
and
vi.
20 May 2015: £284.4 million penalty for breaches of Principle 3 for
failing to take reasonable care to organise and manage its FX
business effectively.
6.17. Barclays has fully cooperated with the Authority’s investigation and has dedicated
significant time and resources in doing so. The Authority considers this a
mitigating factor.
6.18. Having taken into account these aggravating and mitigating factors, the Authority
considers that the Step 2 figure should be increased by 20%.
6.19. The Step 3 figure is therefore £9,414,000.
Step 4: Adjustment for deterrence
6.20. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after
Step 3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.21. One of the Authority’s stated objectives when introducing its penalty policy on 6
March 2010 was to increase the level of penalties to ensure credible deterrence.
The Authority considers that penalties imposed under this policy should be
materially higher than penalties for similar breaches imposed pursuant to the
policy applicable before that date.
6.22. Without an adjustment for deterrence, the financial penalty would be £9,414,000.
Given the very serious nature of Barclays’ failings the Authority considers that a
penalty at this level would not be a sufficient to deter Barclays and other firms
from engaging in similar misconduct.
6.23. The Authority considers that in order to achieve credible deterrence, a multiplier
of three should be applied at Step 4.
6.24. The Step 4 figure is therefore £28,242,000.
Step 5: Settlement discount
6.25. Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty that might otherwise have been
payable will be reduced to reflect the stage at which the Authority and the firm
reached agreement. The settlement discount does not apply to the disgorgement
of any benefit calculated at Step 1.
6.26. The Authority and Barclays reached agreement at Stage 1 and so a 30% discount
applies to the Step 4 figure. The Step 4 figure after the settlement discount is
therefore £19,769,400.
6.27. The total financial penalty including the Step 1 figure is £72,069,400 after
settlement discount.
6.28. The Authority therefore imposes a total financial penalty of £72,069,400 on
Barclays for breaching Principle 2.
7.
PROCEDURAL MATTERS
Decision maker
7.1.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
7.2.
This Final Notice is given under, and in accordance with, section 390 of the Act.
Manner of and time for payment
7.3.
The financial penalty must be paid in full by Barclays to the Authority by no later
than 9 December 2015, 14 days from the date of the Final Notice.
If the financial penalty is not paid
7.4.
If all or any of the financial penalty is outstanding on 10 December 2015, the
Authority may recover the outstanding amount as a debt owed by Barclays and
due to the Authority.
7.5.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those
provisions, the Authority must publish such information about the matter to which
this notice relates as the Authority considers appropriate. The information may
be published in such manner as the Authority considers appropriate. However,
the Authority may not publish information if such publication would, in the opinion
of the Authority, be unfair to Barclays or prejudicial to the interests of consumers
or detrimental to the stability of the UK financial system.
7.6.
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.7.
For more information concerning this matter generally, contact Silvana Wood or
Lynda Vesco (direct line: 020 7066 2088 / 020 7066 7850) of the Enforcement
and Market Oversight Division of the Authority.
Guy Wilkes
Financial Conduct Authority, Enforcement and Market Oversight Division
ANNEX A
RELEVANT STATUTORY PROVISIONS, REGULATORY REQUIREMENTS AND
GUIDANCE
1.
RELEVANT STATUTORY PROVISIONS
1.1.
The Authority’s operational objectives established in section 1B of the Act include
the strategic objective to ensure that the relevant markets function well and the
operational objective to protect and enhance the integrity of the UK financial
system.
1.2.
Section 206 of the Act provides:
“If the Authority considers that an authorised person has contravened a
requirement imposed upon him by or under this Act, it may impose on him a
penalty, in respect of the contravention, of such amount as it appears
appropriate.”
2.
RELEVANT REGULATORY PROVISIONS
Principles for Businesses (PRIN)
2.1.
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook. They
derive their authority from the Authority’s rule-making powers as set out in the
Act and reflect the Authority’s regulatory objectives.
2.2.
Principle 2 states:
“A firm must conduct its business with due skill, care and diligence.”
Decision Procedure and Penalties Manual (‘DEPP’)
2.3.
In exercising its power to issue a financial penalty, the Authority must have
regard to the relevant provisions in the Handbook of rules and guidance (the
2.4.
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of
financial penalties under the Act.
RELEVANT REGULATORY GUIDANCE
The Enforcement Guide
2.5.
The Enforcement Guide sets out the Authority’s approach to exercising its main
enforcement powers under the Act.
2.6.
Chapter 7 of the Enforcement Guide sets out the Authority’s approach to
exercising its power to impose a financial penalty.
2.7.
The Financial Crime Guide consolidates the Authority’s guidance on financial crime
and although it is not binding on firms, it refers to examples of good and poor
practice in managing the risks of financial crime which firms should have regard
to.
2.8.
The Financial Crime Guide is updated periodically. The version referred to in this
Notice is that which was in force in 2011. The most recent version of the Financial
Crime Guide was published on 27 April 2015.
The JMLSG Guidance
2.9.
The JMLSG Guidance outlines the legal and regulatory framework for anti-money
laundering/countering terrorist financing requirements and systems across the
financial services sector. It provides interpretation on the requirements of the
relevant law and legislation and indicates good industry practice through a
proportionate, risk-based approach. It is comprised of three parts.
2.10. The JMLSG Guidance provisions contained at paragraphs 2.11 to 2.29 below are
taken from the 2011 version of the guidance. The JMLSG Guidance is periodically
updated and the latest version was published on 20 November 2013.
Relevant Extracts from the JMLSG Guidance
Part I, Chapter 5.3, Application of CDD measures
2.11. Paragraph 5.3.1 states:
Applying CDD measures involves several steps. The firm is required to verify the
identity of customers and, where applicable, beneficial owners. Information on
the purpose and intended nature of the business relationship must also be
obtained.
2.12. Paragraph 5.3.20 states:
A firm must understand the purpose and intended nature of the business
relationship or transaction to assess whether the proposed business relationship
is in line with the firm’s expectation and to provide the firm with a meaningful
basis for ongoing monitoring. In some instances this will be self-evident, but in
many cases the firm may have to obtain information in this regard. Whether, and
to what extent, the customer has contact or business relationships with other
parts of the firm, its business or wider group can also be relevant, especially for
higher risk customers. The customer may have different risk profiles in different
parts of the business or group.
2.13. Paragraph 5.3.21 states:
A firm must understand the purpose and intended nature of the business
relationship or transaction to assess whether the proposed business relationship
is in line with the firm’s expectation and to provide the firm with a meaningful
basis for ongoing monitoring. In some instances this will be self-evident, but in
many cases the firm may have to obtain information in this regard.
Part I, Chapter 5.5, Enhanced due diligence
2.14. Paragraph 5.5.1 states:
A firm must apply EDD measures on a risk-sensitive basis in any situation which
by its nature can present a higher risk of money laundering or terrorist financing.
As part of this, a firm may conclude, under its risk-based approach, that the
information it has collected as part of the customer due diligence process (see
section 5.3) is insufficient in relation to the money laundering or terrorist
financing risk, and that it must obtain additional information about a particular
customer, the customer’s beneficial owner, where applicable, and the purpose
and intended nature of the business relationship.
2.15. Paragraph 5.5.2 states:
As a part of a risk-based approach, therefore, firms should hold sufficient
information about the circumstances and business of their customers and, where
applicable, their customers’ beneficial owners, for two principal reasons:
a)
to inform its risk assessment process, and thus manage its money
laundering/terrorist financing risks effectively; and
b)
to provide a basis for monitoring customer activity and transactions, thus
increasing the likelihood that they will detect the use of their products and
services for money laundering and terrorist financing.
2.16. Paragraph 5.5.5 states
A firm should hold a fuller set of information in respect of those business
relationships it assessed as carrying a higher money laundering or terrorist
financing risk, or where the customer is seeking a product or service that carries
a higher risk of being used for money laundering or terrorist financing purposes.
2.17. Paragraph 5.5.6 states:
When someone becomes a new customer, or applies for a new product or service,
or where there are indications that the risk associated with an existing business
relationship might have increased, the firm should, depending on the nature of
the product or service for which they are applying, request information as to the
customer’s residential status, employment details, income, and other sources of
income, in order to decide whether to accept the application or continue with the
relationship. The firm should also consider whether or not there is a need to
enhance its activity monitoring in respect of the relationship. A firm should have a
clear policy regarding the escalation of decisions to senior management
concerning the acceptance or continuation of high-risk business relationships.
2.18. Paragraph 5.5.18 states:
Individuals who have, or have had, a high political profile, or hold, or have held,
public office, can pose a higher money laundering risk to firms as their position
may make them vulnerable to corruption. This risk also extends to members of
their immediate families and to known close associates. PEP status itself does not,
of course, incriminate individuals or entities. It does, however, put the customer,
or the beneficial owner, into a higher risk category.
2.19. Paragraph 5.5.25 states:
Firms are required, on a risk-sensitive basis, to:
-
have appropriate risk-based procedures to determine whether a customer
is a PEP;
-
obtain appropriate senior management approval for establishing a
business relationship with such a customer;
-
take adequate measures to establish the source of wealth and source of
funds which are involved in the business relationship or occasional
transaction; and
-
conduct enhanced ongoing monitoring of the business relationship.
2.20. Paragraph 5.5.30 states:
Guidance on the on-going monitoring of the business relationship is given in
section 5.7. Firms should remember that new and existing customers may not
initially meet the definition of a PEP, but may subsequently become one during
the course of a business relationship. The firm should, as far as practicable, be
alert to public information relating to possible changes in the status of its
customers with regard to political exposure. When an existing customer is
identified as a PEP, EDD must be applied to that customer.
Record keeping is an essential component of the audit trail that the ML
Regulations and FSA Rules seek to establish in order to assist in any financial
investigation and to ensure that criminal funds are kept out of the financial
system, or if not, that they may be detected and confiscated by the authorities.
Firms must retain records concerning customer identification and transactions as
evidence of the work they have undertaken in complying with their legal and
regulatory obligations, as well as for use as evidence in any investigation
conducted by law enforcement. FSA-regulated firms must take reasonable care to
make and keep adequate records appropriate to the scale, nature and complexity
of their businesses.
2.23. Paragraph 5.2 states:
Money launderers are attracted by the availability of complex products and
services that operate internationally within a reputable and secure wealth
management environment that is familiar with high value transactions. The
following factors contribute to the increased vulnerability of wealth management:
-
Wealthy and powerful clients – Such clients may be reluctant or unwilling
to provide adequate documents, details and explanations. The situation is
exacerbated where the client enjoys a high public profile, and where they
wield or have recently wielded political or economic power or influence;
-
Multiple and complex accounts – Clients often have many accounts in
more than one jurisdiction, either within the same firm or group, or with
different firms. In the latter situation it may be more difficult for an
institution to accurately assess the true purpose and business rationale
for individual transactions;
-
Cultures of confidentiality – Wealth management clients often seek
reassurance that their need for confidential business will be conducted
discreetly;
-
Concealment – The misuse of services such as offshore trusts and the
availability of structures such as shell companies helps to maintain an
element of secrecy about beneficial ownership of funds;
-
Countries with statutory banking secrecy – There is a culture of secrecy
in certain jurisdictions, supported by local legislation, in which wealth
management is available;
-
Countries where corruption is known, or perceived, to be a common
source of wealth;
-
Movement of funds – The transmission of funds and other assets by
private clients often involve high value transactions, requiring rapid
transfers to be made across accounts in different countries and regions of
the world;
-
The use of concentration accounts – i.e. multi-client pooled/omnibus type
accounts - used to collect together funds from a variety of sources for
onward transmission is seen as a potential major risk;
-
Credit – The extension of credit to clients who use their assets as
collateral also poses a money laundering risk unless the lender is satisfied
that the origin and source of the underlying asset is legitimate; and
-
Commercial activity - conducted through a personal account, or personal
activity conducted through a business account, so as to deceive the firm
or its staff.
2.24. Paragraph 5.4 states:
The role of the relationship manager is particularly important to the firm in
managing and controlling the money laundering or terrorist financing risks it
faces. Relationship managers develop strong personal relationships with their
clients, which can facilitate the collection of the necessary information to know
the client’s business, including knowledge of the source(s) of the client’s wealth.
However, wealthy clients often have business affairs and lifestyle that may make
it difficult to establish what is “normal” and therefore what may constitute
unusual behaviour.
2.25. Paragraph 5.9 states:
To control any risk of money laundering, the client’s justification for using
financial institutions, businesses or addresses in different jurisdictions should
always be subject to scrutiny before undertaking a transaction. To be able to view
and manage the risk of money laundering across the whole of the firm or group’s
business connections, they should consider nominating a manager to lead such
client relationships. The lead relationship manager should have access to
sufficient information to enable them to:
- know and understand the business structure; and
- determine whether or not there is cause to suspect the presence of money
laundering
Ordinarily, the level of diligence carried out in wealth management will be higher
than that needed for normal retail banking (see sector 1: Retail banking) or
investment management (see sector 9: Discretionary and advisory investment
management) purposes. A client’s needs will often entail the use of complex
products and fiduciary services, sometimes involving more than one jurisdiction,
including trusts, private investment vehicles and other company structures.
Where such legal vehicles and structures are used, it is important to establish
that their use is genuine.
2.27. Paragraph 5.16 states:
All new wealth management clients should be subject to independent review, and
appropriate management approval and sign off.
2.28. Paragraph 5.20 states:
Those types of client that pose a greater money laundering or terrorist financing
risk should be subject to a more stringent approval process. Their acceptance as
a client or the significant development of new business with an existing higher
risk client should be subject to an appropriate approval process. That process
might involve the highest level of business management for the wealth
management operation in the jurisdiction. Firms should consider restricting any
necessary delegation of that role to a recognised risk control function.
3.
RELEVANT EXTRACTS FROM THE MONEY LAUNDERING REGULATIONS
Meaning of customer due diligence measures
3.1.
Regulation 5 states:
“Customer due diligence measures” means—
(a) identifying the customer and verifying the customer’s identity on the
basis of documents, data or information obtained from a reliable and
independent source;
(b) identifying, where there is a beneficial owner who is not the customer,
the beneficial owner and taking adequate measures, on a risk-sensitive
basis, to verify his identity so that the relevant person is satisfied that he
knows who the beneficial owner is, including, in the case of a legal person,
trust or similar legal arrangement, measures to understand the ownership
and control structure of the person, trust or arrangement; and
(c) obtaining information on the purpose and intended nature of the
business relationship.
Application of customer due diligence measures
3.2.
Regulation 7 states:
(1) Subject to regulations 9, 10, 12, 13, 14, 16(4) and 17, a relevant person
must apply customer due diligence measures when he—
(a) establishes a business relationship;
(2) Subject to regulation 16(4), a relevant person must also apply customer due
diligence measures at other appropriate times to existing customers on a risk
sensitive basis.
(3) A relevant person must –
(a) determine the extent of customer due diligence measures on a risk
sensitive basis depending on the type of customer, business relationship,
product or transaction; and
(b) be able to demonstrate to his supervisory authority that the extent of
the measures is appropriate in view of the risks of money laundering and
terrorist financing.
Enhanced customer due diligence and ongoing monitoring
3.3.
Regulation 8 states:
(1) A relevant person must conduct ongoing monitoring of a business
relationship.
(2) “Ongoing monitoring” of a business relationship means—
(a) scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure
that the transactions are consistent with the relevant person’s knowledge
of the customer, his business and risk profile; and
(b) keeping the documents, data or information obtained for the purpose
of applying customer due diligence measures up-to-date.
(3) Regulation 7(3) applies to the duty to conduct ongoing monitoring under
paragraph (1) as it applies to customer due diligence measures.
3.4.
Regulation 14 states:
(1) A relevant person must apply on a risk-sensitive basis enhanced customer
due diligence measures and enhanced ongoing monitoring—
(a) in accordance with paragraphs (2) to (4);
(b) in any other situation which by its nature can present a higher risk of
money laundering or terrorist financing.
(4) A relevant person who proposes to have a business relationship or carry out
an occasional transaction with a politically exposed person must—
(a) have approval from senior management for establishing the business
relationship with that person;
(b) take adequate measures to establish the source of wealth and source
of funds which are involved in the proposed business relationship or
occasional transaction; and
(c) where the business relationship is entered into, conduct enhanced
ongoing monitoring of the relationship.
(5) In paragraph (4), “a politically exposed person” means a person who is—
(a) an individual who is or has, at any time in the preceding year, been
entrusted with a prominent public function by—
(i) a state other than the United Kingdom;
(ii) a Community institution; or
(iii) an international body,
including a person who falls in any of the categories listed in paragraph
4(1)(a) of Schedule 2;
(b) an immediate family member of a person referred to in sub-paragraph
(a), including a person who falls in any of the categories listed in
paragraph 4(1)(c) of Schedule 2; or
(c) a known close associate of a person referred to in sub-paragraph (a),
including a person who falls in either of the categories listed in paragraph
4(1)(d) of Schedule 2.