Decision Notice
1.
ACTION
1.1.
For the reasons given in this Notice and pursuant to Regulation 42 of the Money
Laundering Regulations 2007 (“the ML Regulations”), the Authority has decided to
impose on Standard Bank PLC (“Standard Bank”) a civil penalty of £7,640,400 for
failing to comply with Regulation 20(1) of the ML Regulations and other relevant
Regulations. The failings relate to Standard Bank’s anti-money laundering
(“AML”) controls over its commercial banking activities in the period between 15
December 2007 and 20 July 2011 (“the relevant period”).
1.2.
Standard Bank agreed to settle at an early stage of the Authority’s investigation.
It therefore qualified for a 30% (Stage 1) discount under the Authority’s executive
settlement procedures. Were it not for this discount, the Authority would have
imposed a financial penalty of £10,914,900 on Standard Bank.
2.
SUMMARY OF REASONS
2.1.
During the relevant period Standard Bank failed to comply with Regulation 20(1)
of the ML Regulations because it failed to take reasonable care to ensure that all
aspects of its AML policies and procedures were applied appropriately and
consistently in relation to corporate customers connected to politically exposed
persons (“PEPs”).
2.2.
The Authority has the operational objective of protecting and enhancing the
integrity of the UK financial system. The laundering of money through UK
financial institutions undermines the integrity of the UK financial services sector.
It is the responsibility of UK financial institutions to ensure that they minimise the
risk of being used for criminal purposes and, in particular, that they do not handle
the proceeds of crime.
2.3.
The Authority must, so far as is compatible with acting in a way which advances
the integrity and consumer protection objectives, discharge its general functions
in a way which promotes effective competition in the interests of consumers.
Firms that do not meet minimum standards for AML may be perceived to have an
unfair competitive (cost) advantage over firms that are compliant. Effective
enforcement action provides a significant disincentive to non-compliance and
therefore encourages firms to compete in legitimate ways that benefit consumers.
2.4.
As with any financial services activity, commercial banking business can be used
to launder money, particularly in the layering or integration stages of the money
laundering process. In order to forestall financial crime, banks operating in this
sector must have effective AML systems and controls in place ensuring that all the
participants in commercial banking transactions are subjected to effective and
appropriate due diligence. This is particularly important where the transaction
involves PEPs or other high risk customers.
2.5.
Guidance issued by the Joint Money Laundering Steering Group (“JMLSG”)
provides that where a corporate customer is known to be linked to a PEP, such as
through a directorship or shareholding, it is likely that this will put the customer
into a higher risk category, and that enhanced due diligence (“EDD”) measures
should therefore be applied. During the relevant period, Standard Bank had
business relationships with 5,339 corporate customers of which 282 were linked
to one or more PEPs.
2.6.
As part of its investigation, the Authority reviewed Standard Bank’s policies and
procedures and a sample of 48 corporate customer files, all of which had a
connection with one or more PEPs. The results of this review highlighted serious
weaknesses in the application of Standard Bank’s AML policies and procedures.
This meant that it did not consistently:
(1)
carry out adequate EDD measures before establishing business
relationships with corporate customers that had connections with PEPs;
and
(2)
conduct the appropriate level of ongoing monitoring for existing business
relationships by keeping customer due diligence up to date.
2.7.
Standard Bank did in many cases take some steps towards applying EDD.
However, in the majority of the cases reviewed by the Authority, this level of EDD
was not sufficient to comply with Standard Bank’s own policies given the risks
involved.
2.8.
Standard Bank’s failings merit the imposition of a significant financial penalty.
The Authority considers these failings to be particularly serious because:
(1)
Standard Bank provided loans and other services to a significant number of
corporate customers who emanated from or operated in jurisdictions which
have been identified by industry recognised sources as posing a higher risk
of money-laundering;
(2)
Standard Bank identified issues relating to its ability to conduct ongoing
reviews of customer files early in the relevant period, but failed to take the
necessary steps to resolve the issues; and
(3)
the Authority has previously brought action against a number of firms for
AML deficiencies and has stressed to the industry the importance of
compliance with AML requirements.
2.9.
In deciding upon the appropriate disciplinary sanction, the Authority has taken
into account that:
(1)
Standard Bank improved its customer risk assessment process in April
2009 by introducing a more comprehensive risk classification process;
(2)
Standard Bank and its senior management have co-operated with the
Authority’s investigation and have taken significant steps at significant cost
towards remediating the issues identified, including seeking advice and
assistance from external consultants.
3.
DEFINITIONS
3.1.
The definitions below are used in this Notice.
“AML” means anti-money laundering
“the Authority” means the body corporate previously known as the Financial
Services Authority and renamed on 1 April 2013 as the Financial Conduct
“beneficial owner” means the term as defined in Regulation 6 of the ML
Regulations
“DEPP” means the Authority’s Decision Procedures and Penalties Guide
“EDD” means enhanced customer due diligence. The circumstances where EDD
should be applied are set out at Regulation 14 of the ML Regulations
“HMT” means HM Treasury
“JMLSG” means the Joint Money Laundering Steering Group
“JMLSG Guidance” means the guidance issued by the JMLSG on compliance with
the legal requirements in the ML Regulations, regulatory requirements in the
Authority Handbook and evolving practice within the financial services industry
from time to time
“the ML Regulations” means the Money Laundering Regulations 2007, which came
into force on 15 December 2007
“PEP” means Politically Exposed Person. A PEP is defined in the ML Regulations as
‘an individual who is or has, at any time in the preceding year, been entrusted
with a prominent public function’ and an immediate family member, or a known
close associate, of such a person. The definition only applies to those holding
such a position in a state outside the UK, or in a European Community institution
or an international body
“the relevant period” means 15 December 2007 to 20 July 2011
“SBG” means Standard Bank Group, which is incorporated in South Africa
“Standard Bank” means Standard Bank PLC
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber)
4.
FACTS AND MATTERS
4.1.
Standard Bank is the UK subsidiary of SBG, South Africa’s largest banking group.
SBG is an international banking group with extensive operations in 18 African
countries and operations in 13 other countries outside of Africa.
4.2.
Standard Bank became authorised by the Authority on 1 December 2001. It
serves as the hub for all SBG’s international operations outside Africa,
predominantly offering corporate and investment banking services. In the UK the
majority of Standard Bank’s customers are corporate entities, from emerging
markets in industries such as mining, oil & gas, telecommunications,
infrastructure, agriculture and finance.
AML legal and regulatory obligations
4.3.
In order to prevent activities related to money laundering and terrorist financing,
firms are required by the ML Regulations to establish and maintain appropriate
and risk sensitive policies and procedures relating, amongst other things, to due
diligence measures and ongoing monitoring. The ML Regulations also provide
that a firm must be able to demonstrate to the Authority that the extent of the
due diligence and ongoing monitoring measures it applies is appropriate in view of
the risks of money laundering and terrorist financing it faces.
4.4.
The JMLSG is a body comprising the leading UK trade associations in the financial
services industry. Since 1990, the JMLSG has produced advice, which is approved
by an HMT Minister, for the financial services sector on AML controls. The JMLSG
Guidance during the relevant period provided guidance on compliance with the
legal requirements in the ML Regulations and evolving practice within the financial
services industry.
4.5.
The ML Regulations provide that when considering whether a failure to comply
with the ML Regulations has occurred, the Authority will have regard to whether a
firm has followed guidance issued by the Authority or approved by the HMT, such
as the JMLSG Guidance.
4.6.
Relevant extracts from the ML Regulations and JMLSG Guidance are set out in the
Annex to this Notice.
Customer Risk assessment
4.7.
The ML Regulations required Standard Bank to apply due diligence measures on a
risk sensitive basis. Where a customer poses a higher risk of money laundering,
EDD and enhanced ongoing monitoring should be applied. To determine the level
of money laundering and terrorist financing risk a prospective customer posed,
Standard Bank would conduct a customer risk assessment. Standard Bank’s
process for assessing these risks changed in April 2009, as set out below.
Customer risk assessment process – Pre April 2009
4.8.
Prior to April 2009 Standard Bank’s risk assessment process required staff to
determine the level of money laundering risk associated with prospective
customers by reference to the customer’s location and any identified high risk
factors. The process made clear what would constitute a high, medium or low risk
jurisdiction. However there was little guidance given to staff as to what other risk
factors they should consider, in particular in assessing whether a customer was
high risk. This was significant as high risk customer accounts required EDD and
enhanced ongoing monitoring.
4.9.
Of the 48 corporate customer files reviewed by the Authority, 31 involved
customer accounts opened during the relevant period, 14 of which were opened
prior to April 2009. In almost all of these cases it appeared that the customer
was assigned a medium or low risk rating based solely on the jurisdiction in which
they were incorporated (or in some cases the jurisdiction in which their parent
was incorporated). The Authority found clear high risk indicators on the majority
of these files which should have led to a high risk rating being assigned.
4.10. For example, two customers classified as medium risk were both involved in the
mining of precious metals (an industry identified by Standard Bank as being high
risk), both incorporated in jurisdictions identified by Standard Bank as being of
high risk and both connected to PEPs. Despite these clear high risk factors, they
had been classified as medium risk as their parent companies were listed on
recognised investment exchanges.
Customer risk assessment process – Post April 2009
4.11. In April 2009 Standard Bank introduced a more comprehensive risk classification
process. Customers were classified as low, medium or high risk based on a
customer risk assessment matrix which considered a broad range of risk factors
relating to the customer’s profile, the jurisdiction in which they operated, their
business activities, and the products and services being offered to them.
4.12. However, while this improved the process by which staff classified customers as
low, medium or high risk, in practice this classification did not directly feed into
the level of due diligence carried out on files. Of the 48 files reviewed by the
Authority, 17 involved customer accounts opened after April 2009. The Authority
found that 15 of these customer accounts were correctly classified as high risk,
and so should have been subjected to EDD.
4.13. Standard Bank did in many cases take some steps towards applying EDD. This
included for example, verifying the customer’s business activities with
documentary evidence. However, in the majority of the cases reviewed by the
Authority this level of EDD was not sufficient given the risks involved. For
example, Standard Bank did not consistently verify the customer’s and/or related
PEP’s source of wealth or the funds to be used in the business relationship as required
by its policies.
4.14. The decision as to the level of due diligence was separate from the risk rating and
remained heavily influenced by the jurisdiction in which the customer was
incorporated. For example, a number of customers deemed to pose a high risk of
money laundering did not have a sufficient level of EDD applied to them by virtue
of being incorporated in a low or medium risk jurisdiction.
Enhanced due diligence
4.15. The ML Regulations stipulate that EDD must be applied in certain circumstances
and in any situation which, by its nature, presents a higher risk of money
laundering.
4.16. Standard Bank’s policies set out various steps that staff were required to carry out
or consider when applying EDD. These included verifying with documentary
evidence corporate ownership structures, the customer’s (and where applicable
the associated PEP’s) source of wealth and the source of funds to be used in the
relationship.
4.17. Standard Bank carried out due diligence for all new customers and in many cases
attempted to apply EDD. However, as a result of the issues with Standard Bank’s
risk assessment process explained above, in the majority of the files that the
Authority reviewed the level of EDD was insufficient given the risks involved. In a
number of cases the Authority found clear deficiencies, such as corporate
customers’ source of wealth not being verified and corporate ownership structures
not being fully verified with documentary evidence as required by Standard
Bank’s policies.
4.18. For example, in one of the files reviewed, the customer, a listed company in a
high risk jurisdiction, operating in a high risk industry, was majority owned by a
private company. Although Standard Bank believed it knew the identity of the
customer’s ultimate beneficial owner, it was unable to obtain sufficient
documentary evidence to verify the ownership structure of the privately owned
parent company. A request to waive this verification requirement was made to
Standard Bank’s compliance department. The waiver was granted on the basis
that:
“[The Company] is a well-established, managed and listed company in [High Risk
Jurisdiction]. Although, we do not have all the details of single largest shareholder
of the company, the founder and his brother remained the key men of the
company. Lacking of such information would not have a significant negative
impact on our bank’s position as compared with [Company’s] other existing
banks.”
4.19. The failure to verify the ownership structure of this high risk customer meant
Standard Bank could not be certain who it was conducting business with, creating
an unacceptable risk of handling the proceeds of crime.
Application of Simplified Due Diligence
4.20. The ML Regulations identify specific situations where a firm is not required to
apply due diligence, such as where the customer is a credit or financial institution
subject to the requirements of the Money Laundering Directive 2005, or where a
customer is listed on a regulated market. This provision, however, is subject to
the requirement that firms must nevertheless apply on a risk sensitive basis EDD
and enhanced ongoing monitoring in specific situations, such as where the
customer is identified as being a PEP, or in any situation which by its nature can
present a higher risk of money laundering or terrorist financing.
4.21. The Authority identified five files in its review opened during the relevant period
which qualified for simplified due diligence for customer identification purposes.
Four of these files had been classified by Standard Bank as posing a high risk of
money laundering or terrorist financing and the fifth was classified as low risk
despite high risk indicators recorded in the customer risk assessment which
should have resulted in a high rating being applied. As such, although they may
have qualified for simplified due diligence for customer identification purposes, in
order for Standard Bank to understand the risks posed by each customer they
should still have been subjected to EDD. While Standard Bank did recognise the
risk associated with the customers merited undertaking additional due diligence,
for example in one case by commissioning a third party report on three of the
company’s beneficial owners, it did not do this to the standard required by its own
policies.
Ongoing monitoring
4.22. In accordance with the ML Regulations, a firm must conduct ongoing monitoring
of all business relationships. Ongoing monitoring is a separate, but related,
obligation from the requirement to carry out due diligence.
4.23. Ongoing monitoring includes keeping relevant customer information up to date
through regular reviews of the customer relationship and monitoring of customer
transactions to ensure that they are consistent with the firm’s knowledge of the
customer, its business and risk profile. A firm must scrutinise a customer’s
transactions on a risk-sensitive basis to identify any unusual or suspicious activity
that may be related to money laundering.
4.24. Throughout the relevant period, Standard Bank undertook manual and automated
monitoring of customer transactions. However, Standard Bank was behind in its
reviews of customer relationships.
4.25. Standard Bank’s policies and procedures set out the minimum requirements of
what customer reviews should include, as well as requiring that appropriate
records of the work undertaken and results be maintained. In accordance with
these policies and procedures, Standard Bank was required to review high risk
customer relationships annually, medium risk relationships every two years and
low risk relationships every three years.
4.26. Of the 48 customer files reviewed by the Authority, 38 should have been subject
to at least one review during the relevant period. However, in all but two files,
the Authority found significant gaps in the frequency of reviews, most of which
significantly exceeded the limits for frequency set out in Standard Bank’s policies.
4.27. This included a customer identified as posing a high risk of money laundering,
which as such should have been reviewed annually, but was reviewed only twice
in more than six and a half years. The Authority also noted six customers deemed
to require review every six months, which had not been reviewed at all during the
relevant period, despite the relevant accounts being open for at least a year and
in some cases over three years.
4.28. This failing was systemic across Standard Bank, impacting 4,300 of its 5,339
customers (80%).
4.29. These failings meant that changes to a customer’s risk profile, including those
that had the potential to increase significantly the money laundering risks posed
by the customer, would not necessarily have been highlighted and given full
consideration. They may also have had an impact on Standard Bank’s ability to
conduct effective transaction monitoring.
5.
FAILINGS
5.1.
The statutory and regulatory provisions relevant to this Decision Notice are
referred to in the Annex to this Notice.
5.2.
During the relevant period Standard Bank failed to comply with Regulation 20(1)
of the ML Regulations because it failed to take reasonable care to ensure that all
aspects of its AML policies and procedures were applied appropriately and
consistently in relation to corporate customers connected to PEPs. This meant
that Standard Bank did not consistently:
(1)
demonstrate that all relevant risk factors had been taken into account
when determining the level of money laundering risk that prospective
corporate customers posed;
(2)
apply appropriate risk ratings to corporate customers given the identified
risk factors;
(3)
carry out adequate EDD measures before establishing business
relationships with corporate customers that had connections with PEPs;
and
(4)
conduct the appropriate level of ongoing monitoring of existing customer
files periodically to ensure the information and risk assessment was up-to-
date and that the activity on accounts was consistent with expected
activity.
5.3.
These weaknesses in Standard Bank’s AML systems and controls resulted in an
unacceptable risk that Standard Bank could have been used by corporate
customers to launder the proceeds of crime.
5.4.
As well as Regulation 20(1), Standard Bank’s conduct failed to comply with ML
Regulations 7(1) to (3), 8(1) and (3) and 14(1).
6.
SANCTION
6.1.
Regulation 42(1) of the ML Regulations provides that the Authority may impose a
penalty of such amount as it considers appropriate on a relevant person who fails
to comply with the ML Regulations at issue in this Notice.
6.2.
The Authority has concluded that a financial penalty is the appropriate sanction in
the circumstances of this particular case.
6.3.
Paragraph 19.82 of the Enforcement Guide states that, when imposing or
determining the level of a financial penalty under the ML Regulations, the
Authority's policy includes having regard, where relevant, to relevant factors in
DEPP 6.2.1G and DEPP 6.5 to DEPP 6.5D.
6.4.
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of
DEPP. Changes to DEPP were introduced on 6 March 2010. Given that Standard
Bank’s misconduct occurred both before and after that date, the Authority has had
regard to the provisions of DEPP in force before and after that date.
Failings prior to 6 March 2010
6.5.
In determining the financial penalty to be attributed to Standard Bank’s
misconduct prior to 6 March 2010, the Authority has had particular regard to the
6.6.
The principal purpose of a financial penalty is to promote high standards of
regulatory conduct by deterring firms who have breached regulatory requirements
from committing further contraventions, helping to deter other firms from
committing contraventions and demonstrating generally to firms the benefits of
compliant behaviour.
The nature, seriousness and impact of the breach
6.7.
The Authority has had regard to the seriousness of the failure to comply with the
ML Regulations, including the nature of the requirements breached and the
number and duration of the breaches. While the Authority notes that Standard
Bank improved its customer risk assessment process in April 2009, for the
reasons set out in paragraph 2.8 of this notice, the Authority considers that
Standard Bank’s failings are of a serious nature.
The extent to which the failings were deliberate or reckless
6.8.
The Authority does not consider that Standard Bank deliberately or recklessly
contravened regulatory requirements.
The size and resources of the firm
6.9.
The Authority has considered Standard Bank’s size and financial resources. There
is no evidence to suggest that Standard Bank is unable to pay the penalty.
Disciplinary record and compliance history
6.10. The Authority has taken into account the fact that Standard Bank has not been
the subject of previous disciplinary action.
Conduct following the breach
6.11. Since the commencement of the Authority’s investigation, Standard Bank has
worked in an open and cooperative manner with the Authority.
Other action taken by the Authority
6.12. In determining whether and what financial penalty to impose on Standard Bank,
the Authority has taken into account action taken by the Authority in relation to
other authorised persons for comparable behaviour.
Authority guidance and other published material
6.13. Pursuant to Regulation 42(3), the Authority has had regard to whether Standard
Bank followed the relevant provisions of the JMLSG Guidance when considering
whether to take action in respect of a failure to comply with the ML Regulations.
Penalty for breaches prior to 6 March 2010
6.14. Taking the above factors into consideration, the Authority considers a financial
penalty of £3,000,000 is appropriate in relation to Standard Bank’s failings in the
period prior to 6 March 2010.
Failings on or after 6 March 2010
6.15. In respect of conduct occurring on or after 6 March 2010, the Authority applies a
five-step framework to determine the appropriate level of financial penalty. DEPP
6.5A sets out the details of the five-step framework that applies in respect of
financial penalties imposed on firms.
Step 1: disgorgement
6.16. Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to
quantify this. The Authority has not identified any financial benefit that Standard
Bank derived directly from its failings.
6.17. Step 1 is therefore £0.
Step 2: the seriousness of the failings
6.18. Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that
reflects the seriousness of the failings. Where the amount of revenue generated
by a firm from a particular product line or business area is indicative of the harm
or potential harm that its breach may cause, that figure will be based on a
percentage of the firm’s revenue from the relevant products or business area.
6.19. The Authority considers that the revenue generated by Standard Bank is
indicative of the harm or potential harm caused by its failings. The Authority
considers Standard Bank’s relevant revenue for this period to be £50,253,520.
6.20. In deciding on the percentage of the relevant revenue that forms the basis of the
Step 2 figure, the Authority considers the seriousness of the breach and chooses a
percentage between 0% and 20%. This range is divided into five fixed levels
which represent, on a sliding scale, the seriousness of the failings; the more
serious the failings, the higher the level. For penalties imposed on firms there are
the following five levels:
Level 1 – 0%
Level 2 – 5%
Level 3 – 10%
Level 5 – 20%
6.21. In assessing the seriousness level, the Authority takes into account various
factors which reflect the impact and nature of the breach, and whether it was
committed deliberately or recklessly. DEPP 6.5A.2G(11) lists factors likely to be
considered ‘level 4 or 5 factors’. Of these, the Authority considers the following
factors to be relevant:
(1)
“the breach revealed serious or systemic weaknesses in the firm’s
procedures or in the management systems or internal controls relating to
all or part of the firm’s business.” Standard Bank’s failings relating to
ongoing monitoring were systemic: they applied to all of its corporate
customers and were not limited to those that had connections with PEPs.
(2)
“the breach created a significant risk that financial crime would be
facilitated, occasioned or otherwise occur.” While the Authority’s
investigation did not assess whether any of Standard Bank’s clients were
involved in criminal activity, Standard Bank’s failings created an
unacceptable risk that it could have handled the proceeds of crime.
6.22. Taking all of these factors into account, the Authority considers the seriousness of
the failings to be level 4 and so the Step 2 figure is 15% of £50,253,520.
6.23. Step 2 is therefore £7,538,028.
Step 3: mitigating and aggravating factors
6.24. Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.25. The Authority considers that the following factor aggravates the failings:
(1)
The Authority has previously brought action against a number of firms for
AML deficiencies and has stressed to the industry the importance of
compliance with AML requirements.
6.26. The Authority considers that the following factor mitigates the failings:
(1)
Standard Bank cooperated with the investigation and has taken significant
steps at significant cost towards remediating the issues identified including
seeking advice and assistance from external consultants.
6.27. Having taken into account these aggravating and mitigating factors, the Authority
considers that the Step 2 figure should be increased by 5%.
6.28. Step 3 is therefore £7,914,929.
Step 4: adjustment for deterrence
6.29. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after
Step 3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.30. The Authority considers that the Step 3 figure of £7,914,929 represents a
sufficient deterrent to Standard Bank and others, and so has not increased the
penalty at Step 4.
6.31. Step 4 is therefore £7,914,929.
Step 5: settlement discount
6.32. Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty which might otherwise have
been payable will be reduced to reflect the stage at which the Authority and the
firm reached agreement. The settlement discount does not apply to the
disgorgement of any benefit calculated at Step 1.
6.33. The Authority and Standard Bank reached agreement at Stage 1 and so a 30%
discount applies to the total financial penalty imposed for Standard Bank’s
failings.
6.34. The total financial penalty imposed, after Stage 1 discount, is therefore
£7,640,400.
7.
PROCEDURAL MATTERS
Decision maker
7.1.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
7.2.
This Decision Notice is given in accordance with Regulation 42(7) of the ML
Regulations.
Access to Evidence
7.3.
The Authority grants to the person to whom this Notice is given access to:
(1)
the material upon which the Authority has relied in deciding to give this
Notice; and
(2)
any secondary material which, in the opinion of the Authority, might
undermine that decision.
7.4.
There is no such secondary material.
Manner of and time for payment
7.5.
The financial penalty must be paid in full by Standard Bank to the Authority by no
later than 5 February 2014, 14 days from the date of the Decision Notice.
If the financial penalty is not paid
7.6.
If all or any of the financial penalty is outstanding on 6 February 2014, the
Authority may recover the outstanding amount as a debt owed by Standard Bank
and due to the Authority.
7.7.
The Authority will publish such information about the matter to which this
Decision Notice relates as the Authority considers appropriate. The information
may be published in such manner as the Authority considers appropriate.
However, the Authority will not publish information if such publication would, in
the opinion of the Authority, be unfair to the person to whom this Decision Notice
relates or prejudicial to the interests of consumers or detrimental to the stability
of the UK financial system.
Authority contacts
7.8.
For more information concerning this matter generally, contact Guy Wilkes at the
Authority (direct line: 020 7066 7574).
Tracey McDermott
Settlement Decision Maker,
acting for and on behalf of the Authority
Settlement Decision Maker,
acting for and on behalf of the Authority
ANNEX
Relevant extracts from the Money Laundering Regulations 2007
Meaning of customer due diligence measures
1.
Regulation 5 states:
“Customer due diligence measures” means—
(a) identifying the customer and verifying the customer’s identity on the basis of
documents, data or information obtained from a reliable and independent
source;
(b) identifying, where there is a beneficial owner who is not the customer, the
beneficial owner and taking adequate measures, on a risk-sensitive basis, to
verify his identity so that the relevant person is satisfied that he knows who
the beneficial owner is, including, in the case of a legal person, trust or
similar legal arrangement, measures to understand the ownership and
control structure of the person, trust or arrangement; and
(c) obtaining information on the purpose and intended nature of the business
relationship.
Meaning of beneficial owner
2.
Regulation 6 states:
(1) In the case of a body corporate, “beneficial owner” means any individual who—
(a) as respects any body other than a company whose securities are listed on a
regulated market, ultimately owns or controls (whether through direct or
indirect ownership or control, including through bearer share holdings) more
than 25% of the shares or voting rights in the body; or
(b) as respects any body corporate, otherwise exercises control over the
management of the body.
(2) In the case of a partnership (other than a limited liability partnership),
“beneficial owner” means any individual who—
(a) ultimately is entitled to or controls (whether the entitlement or control is
direct or indirect) more than a 25% share of the capital or profits of the
partnership or more than 25% of the voting rights in the partnership; or
(b) otherwise exercises control over the management of the partnership.
Application of customer due diligence measures
3.
Regulation 7 states:
(1) Subject to regulations 9, 10, 12, 13, 14, 16(4) and 17, a relevant person must
apply customer due diligence measures when he—
(a) establishes a business relationship;
(b) carries out an occasional transaction;
(c) suspects money laundering or terrorist financing;
(d) doubts the veracity or adequacy of documents, data or information
previously obtained for the purposes of identification or verification.
(2) Subject to regulation 16(4), a relevant person must also apply customer due
diligence measures at other appropriate times to existing customers on a risk-
sensitive basis.
(3) A relevant person must—
(a) determine the extent of customer due diligence measures on a risk-sensitive
basis depending on the type of customer, business relationship, product or
transaction; and
(b) be able to demonstrate to his supervisory authority that the extent of the
measures is appropriate in view of the risks of money laundering and
terrorist financing.
Ongoing monitoring
4.
Regulation 8 states:
(1) A relevant person must conduct ongoing monitoring of a business relationship.
(2) “Ongoing monitoring” of a business relationship means—
(a) scrutiny of transactions undertaken throughout the course of the relationship
(including, where necessary, the source of funds) to ensure that the
transactions are consistent with the relevant person’s knowledge of the
customer, his business and risk profile; and
(b) keeping the documents, data or information obtained for the purpose of
applying customer due diligence measures up-to-date.
(3) Regulation 7(3) applies to the duty to conduct ongoing monitoring under
paragraph (1) as it applies to customer due diligence measures.
Simplified due diligence
5.
Regulation 13 states:
(1) A relevant person is not required to apply customer due diligence measures in
the circumstances mentioned in regulation 7(1)(a), (b) or (d) where he has
reasonable grounds for believing that the customer, transaction or product
related to such transaction, falls within any of the following paragraphs.
(2) The customer is—
(a) a credit or financial institution which is subject to the requirements of the
money laundering directive; or
(b) a credit or financial institution (or equivalent institution) which—
(i) is situated in a non-EEA state which imposes requirements equivalent to
those laid down in the money laundering directive; and
(ii) is supervised for compliance with those requirements.
(3) The customer is a company whose securities are listed on a regulated market
subject to specified disclosure obligations.
Enhanced customer due diligence and ongoing monitoring
6.
Regulation 14 states:
(1) A relevant person must apply on a risk sensitive basis enhanced customer due
diligence measures and enhanced ongoing monitoring –
(a) In accordance with paragraphs (2) to (4);
(b) In any other situation which by its nature can present a higher risk of money
laundering or terrorist financing.
Policies and procedures
7.
Regulation 20 states:
(1) A relevant person must establish and maintain appropriate and risk-sensitive
policies and procedures relating to-
(a) customer due diligence measures and ongoing monitoring;
(b) reporting;
(c) record-keeping;
(d) internal control;
(e) risk assessment and management;
(f) the monitoring and management of compliance with, and the internal
communication of, such policies and procedures,
in order to prevent activities related to money laundering and terrorist financing.
(2) The policies and procedures referred to in paragraph (1) include policies and
procedures-
(a) which provide for the identification and scrutiny of-
(i) complex or unusually large transactions;
(ii) unusual patterns of transactions which have no apparent economic or
visible lawful purpose; and
(iii) any other activity which the relevant person regards as particularly
likely by its nature to be related to money laundering or terrorist
financing;
(b) which specify the taking of additional measures, where appropriate, to
prevent the use for money laundering or terrorist financing of products and
transactions which might favour anonymity;
(c) to determine whether a customer is a politically exposed person;
Power to impose civil penalties
8.
Regulation 42 states:
(1) A designated authority may impose a penalty of such amount as it considers
appropriate on a relevant person who fails to comply with any requirement in
regulation 7(1), (2) or (3), 8(1) or (3), 9(2), 10(1), 11(1), 14(1), 15(1) or (2),
16(1), (2), (3) or (4), 19(1), (4), (5) or (6), 20(1), (4) or (5), 21, 26, 27(4) or
33 or a direction made under regulation 18 and, for this purpose, “appropriate”
means effective, proportionate and dissuasive.
(2) The designated authority must not impose a penalty on a person under
paragraph (1) where there are reasonable grounds for it to be satisfied that the
person took all reasonable steps and exercised all due diligence to ensure that
the requirement would be complied with.
(3) In deciding whether a person has failed to comply with a requirement of these
Regulations, the designated authority must consider whether he followed any
relevant guidance which was at the time—
(a) issued by a supervisory authority or any other appropriate body;
(b) approved by the Treasury; and
(c) published in a manner approved by the Treasury as suitable in their opinion
to bring the guidance to the attention of persons likely to be affected by it.
(4) In paragraph (3), an “appropriate body” means any body which regulates or is
representative of any trade, profession, business or employment carried on by
(6) Where the Authority, the OFT or DETI proposes to impose a penalty under this
regulation, it must give the person notice of—
(a) its proposal to impose the penalty and the proposed amount;
(b) the reasons for imposing the penalty; and
(c) the right to make representations to it within a specified period (which may
not be less than 28 days).
(7) …
(8) A penalty imposed under this regulation is payable to the designated authority
which imposes it.
Relevant extracts from the JMLSG Guidance
Part I, Chapter 5.3 Application of CDD measures
1.
Paragraph 5.3.11 states:
The verification requirements under the ML Regulations are, however, different as
between a customer and a beneficial owner. The identity of a customer must be
verified on the basis of documents, data or information obtained from a reliable and
independent source. The obligation to verify the identity of a beneficial owner is for
the firm to take risk-based and adequate measures so that it is satisfied that it
knows who the beneficial owner is. It is up to each firm to consider whether it is
appropriate, in light of the money laundering or terrorist financing risk associated
with the business relationship, to make use of records of beneficial owners in the
public domain (if any exist), ask their customers for relevant data, require evidence
of the beneficial owner’s identity on the basis of documents, data or information
obtained from a reliable and independent source or obtain the information
otherwise.
2.
Paragraph 5.3.12 states:
In low risk situations, therefore, it may be reasonable for the firm to confirm the
beneficial owner’s identity based on information supplied by the customer. This
could include information provided by the customer (including trustees or other
representatives whose identities have been verified) as to their identity, and
confirmation that they are known to the customer. While this may be provided
orally or in writing, any information received orally should be recorded in written
form by the firm.
3.
Paragraph 5.3.119 states:
Where an entity is known to be linked to a PEP (perhaps through a directorship or
shareholding), or to a jurisdiction assessed as carrying a higher money
laundering/terrorist financing risk, it is likely that this will put the entity into a
higher risk category, and that enhanced due diligence measures should therefore
be applied (see sections 5.5 and 5.7).
4.
Paragraph 5.3.177 states:
Following its assessment of the money laundering or terrorist financing risk
presented by the entity, the firm may decide to verify the identity of one or more of
the partners/owners as customers. In that event, verification requirements are
likely to be appropriate for partners/owners who have authority to operate an
account or to give the firm instructions concerning the use or transfer of funds or
assets; other partners/owners must be verified as beneficial owners, following the
guidance in paragraphs 5.3.11 and 5.3.12.
Part I, Chapter 5.5 Enhanced due diligence
5.
Paragraph 5.5.1 states:
A firm must apply EDD measures on a risk-sensitive basis in any situation which by
its nature can present a higher risk of money laundering or terrorist financing. As
part of this, a firm may conclude, under its risk-based approach, that the standard
evidence of identity is insufficient in relation to the money laundering or terrorist
financing risk, and that it must obtain additional information about a particular
customer.
6.
Paragraph 5.5.2 states:
As a part of a risk-based approach, therefore, firms should hold sufficient
information about the circumstances and business of their customers and, where
applicable, their customers’ beneficial owners, for two principal reasons:
• to inform its risk assessment process, and thus manage its money
laundering/terrorist financing risks effectively; and
• to provide a basis for monitoring customer activity and transactions, thus
increasing the likelihood that they will detect the use of their products and
services for money laundering and terrorist financing.
7.
Paragraph 5.5.5 states:
A firm should hold a fuller set of information in respect of those customers, or
class/category of customers, assessed as carrying a higher money laundering or
terrorist financing risk, or who are seeking a product or service that carries a higher
risk of being used for money laundering or terrorist financing purposes.
8.
Paragraph 5.5.9 states:
The ML Regulations prescribe three specific types of relationship in respect of which
EDD measures must be applied. These are:
(a) where the customer has not been physically present for identification
purposes;
(b) in respect of a correspondent banking relationship;
(c) in respect of a business relationship or occasional transaction with a PEP.
9.
Paragraph 5.5.30 states:
Guidance on the on-going monitoring of the business relationship is given in section
5.7. Firms should remember that new and existing customers may not initially
meet the definition of a PEP, but may subsequently become one during the course
of a business relationship. The firm should, as far as practicable, be alert to public
information relating to possible changes in the status of its customers with regard
to political exposure. When an existing customer is identified as a PEP, EDD must
be applied to that customer.
Part I, Chapter 5.7 Monitoring customer activity
10.
Paragraph 5.7.1 states:
Firms must conduct ongoing monitoring of the business relationship with their
customers. Ongoing monitoring of a business relationship includes:
• Scrutiny of transactions undertaken throughout the course of the
relationship (including, where necessary, the source of funds) to ensure
that the transactions are consistent with the firm’s knowledge of the
customer, his business and risk profile;
• Ensuring that the documents, data or information held by the firm are kept
up to date.
11.
Paragraph 5.7.2 states:
Monitoring customer activity helps identify unusual activity. If unusual activities
cannot be rationally explained, they may involve money laundering or terrorist
financing. Monitoring customer activity and transactions that take place
throughout a relationship helps firms know their customers, assist them to assess
risk and provides greater assurance that the firm is not being used for the purposes
of financial crime.
12.
Paragraph 5.7.3 states:
The essentials of any system of monitoring are that:
• it flags up transactions and/or activities for further examination;
• these reports are reviewed promptly by the right person(s); and
• appropriate action is taken on the findings of any further examination.
13.
Paragraph 5.7.12 states:
Higher risk accounts and customer relationships require enhanced ongoing
monitoring. This will generally mean more frequent or intensive monitoring.