Final Notice

On , the Financial Conduct Authority issued a Final Notice to Turkish Bank (UK) Ltd

____________________________________________________________


DECISION NOTICE

_______________________________________________________________________

To:
Turkish Bank (UK) Ltd

FSA ref. no.: 204566

TAKE NOTICE that the Financial Services Authority of 25 The North Colonnade,
Canary Wharf, London E14 5HS has decided to take the following action:

1.
ACTION

1.1.
For the reasons given in this Notice and pursuant to regulation 42 of the Money
Laundering Regulations 2007 (the ML Regulations), the FSA has decided to
impose on Turkish Bank (UK) Ltd (TBUK or the Firm) a civil penalty of
£294,000 for breaches of the ML Regulations in relation to the Firm’s anti-money
laundering and counter terrorist financing (AML) controls over its correspondent
banking activities in the period between 15 December 2007 and 3 July 2010 (the
Relevant Period).

1.2.
TBUK agreed to settle at an early stage of the FSA’s investigation. It therefore
qualified for a 30% (Stage 1) discount under the FSA’s executive settlement
procedures. Were it not for this discount, the FSA would have imposed a
financial penalty of £420,000 on TBUK.

2.
SUMMARY OF REASONS

2.1.
For more than two and a half years, TBUK breached the ML Regulations by
failing to:

(1)
establish and maintain appropriate and risk-sensitive AML policies and
procedures for its correspondent banking relationships;

(2)
carry out adequate due diligence on and ongoing monitoring of the Firm’s

customers acting as respondent banks in TBUK’s correspondent banking
relationships (the Respondent(s)) and reconsider these relationships when
this was not possible; and

(3)
maintain adequate records relating to the above.

2.2.
These breaches gave rise to an unacceptable risk that TBUK could have been
used to further money laundering. The Firm’s Respondents were from
jurisdictions (Turkey and Northern Cyprus) which did not have UK-equivalent
AML requirements in place in the Relevant Period. In addition, correspondent
banking poses a high risk of money laundering and £114.48m flowed through
TBUK’s correspondent banking accounts in the Relevant Period to which TBUK
did not apply the AML controls required by the ML Regulations. It is accepted
that of the total £114.48m figure, approximately £21m derived from TBUK’s pre-
existing customers for whom appropriate due diligence had previously been
conducted by TBUK.

2.3.
Any references in this Notice to breaches of the ML Regulations by TBUK only
concern the Firm’s activities as a correspondent bank in the Relevant Period.

2.4.
A failure to take steps to prevent the laundering of money through UK institutions
undermines the UK financial services sector. It is the responsibility of UK firms
to ensure that they are not used for criminal purposes and, in particular, that they
do not handle the proceeds of crime. Unless firms have in place robust AML
systems and controls, particularly with regard to high risk customers and
transactions, they risk leaving themselves open to money laundering. This action
supports the FSA’s statutory objectives of reducing financial crime and
maintaining market confidence.

Summary of breaches

2.5.
In the Relevant Period, TBUK breached regulations 7(1), (2) and (3), 8, 11(1),
14(1) and 14(3), 19(1) and 20(1) of the ML Regulations. In particular, TBUK
failed to:

(1)
establish and maintain appropriate and risk-sensitive policies and
procedures for assessing and managing the level of money laundering risk
posed by its Respondents;

(2)
establish and maintain appropriate and risk-sensitive procedures for
carrying out the required level of due diligence on and ongoing monitoring
of its existing Respondents;

(3)
establish and maintain appropriate and risk-sensitive procedures for
keeping records of risk assessments, required due diligence and ongoing
monitoring carried out in relation to its Respondents;

(4)
carry out required due diligence and enhanced due diligence in relation to
its Respondents;

(5)
conduct required enhanced ongoing monitoring of its Respondents;

(6)
keep adequate records on the files of its Respondents of due diligence and
ongoing monitoring conducted; and

(7)
cease the business relationship or cease carrying out transactions for
TBUK’s Respondents in relation to whom TBUK was unable to conduct
required due diligence and/or enhanced due diligence.

2.6.
The FSA notes that TBUK admitted the breaches at an early stage.

2.7.
TBUK’s failings merit the imposition of a significant financial penalty. The FSA
considers the failings to be particularly serious because:

(1)
FSA Supervisors had warned TBUK in June 2007 of deficiencies in its
approach to money laundering controls. TBUK took some measures to
address these deficiencies and subsequently assured FSA Supervisors in
August 2007 that it was in a position to comply with relevant AML
requirements. However, the measures taken by TBUK failed to satisfy
these AML requirements;

(2)
all of TBUK’s Respondents were based in Turkey and Northern Cyprus
(non-EEA jurisdictions) which the Firm should have been aware did not
have UK-equivalent AML systems in the Relevant Period. Considering
information available to TBUK in the Relevant Period, the Firm could not
have reasonably assessed Turkey to pose a low, or Northern Cyprus to
pose a medium to higher, money laundering risk; and

(3)
every correspondent banking relationship presented a high risk of money
laundering because of the non face-to-face nature of correspondent
banking and the non UK-equivalent jurisdictions involved.

3.
DEFINITIONS

3.1.
The definitions below are used in this Decision Notice:

“AML” means anti-money laundering and counter terrorist financing.

“AML Handbook” means TBUK’s “anti-money laundering and counter
terrorist financing Handbook for management and Staff” dated January 2008
which contained the Firm’s “prevention of money laundering, fraud and terrorist
financing policies, standards and high level procedures”.

“beneficial owner” means the term as defined in regulation 6 of the ML
Regulations.

“Correspondent banking” means the term as used in regulation 6 of the ML
Regulations and defined in JMLSG Guidance, Part II, paragraph 16.1 as the
provision of banking-related services by one bank (correspondent) to an overseas
bank (respondent) to enable the respondent to provide its own customers with
cross-border products and services that it cannot provide them with itself,

typically due to a lack of an international network.

“CTF” means counter terrorist financing.

“DEPP” means the FSA’s Decision Procedures and Penalties manual as at 15
December 2007, which forms part of the FSA Handbook.

“EG” means the FSA Enforcement Guide which contains “general guidance”
given by the FSA pursuant to s. 158(5) of the Financial Services and Markets Act
2000.

“FATF” means the Financial Action Task Force which is an inter-governmental
body whose purpose is the development and promotion of policies, both at
national and international levels, to combat money laundering and terrorist
financing. FATF has established a set of Recommendations that set out the basic
framework for anti-money laundering efforts and are intended to be of universal
application. The mutual evaluation programme is the primary instrument by
which the FATF monitors progress made by member governments in
implementing the FATF Recommendations.

“Firm” means Turkish Bank (UK) Ltd.

“FSA” means the Financial Services Authority.

“JMLSG” means the Joint Money Laundering Steering Group.

“JMLSG Guidance” means Part I and Part II of the guidance published by the
JMLSG in December 2007 as approved by the Treasury titled “Prevention of
money laundering/combating terrorist financing: Guidance for the UK Financial
Sector” on compliance with relevant AML law and regulations, including the ML
Regulations, regulatory requirements in the FSA Handbook and evolving practice
within the financial services industry. Similar provisions were contained in the
subsequent version of the JMLSG Guidance, published December 2009. The
JMLSG Guidance sets out what is expected of firms and their staff in relation to
the prevention of money laundering.

“ML Regulations” means the Money Laundering Regulations 2007 which came
into force on 15 December 2007 and implement the third money laundering
directive. The ML Regulations impose requirements on relevant persons
(including credit institutions) to establish, maintain and apply appropriate AML
controls over their customers.

“money laundering” means the term as defined in regulation 2(1) of the ML
Regulations and for purposes of this Notice includes the term “terrorist financing”
as defined in regulation 2(1) of the ML Regulations.

“PEP” means a politically exposed person. A PEP is defined in regulation 14(5)
of the ML Regulations as “an individual who is or has, at any time in the
preceding year, been entrusted with a prominent public function by – (i) a state
other than the United Kingdom; (ii) a Community institution; or (iii) an

international body”. The definition includes immediate family members and
known close associates of such a person.

“Relevant Period” refers to the period between 15 December 2007 and 3 July
2010.

“Respondent” refers to TBUK’s customers acting as respondent banks in
TBUK’s correspondent banking relationships in the Relevant Period.

“SARs” refers to Suspicious Activity Reports which are used to report known or
suspected money laundering or suspicious activity observed by credit and
financial institutions to SOCA under the Proceeds of Crime Act 2002 or the
Terrorism Act 2000.

“SOCA” refers to the Serious Organised Crime Authority.

“TBUK” means Turkish Bank (UK) Ltd.

“Tribunal” means the Upper Tribunal (Tax and Chancery Chamber).

4.
FACTS AND MATTERS

TBUK

4.1.
TBUK is a wholly owned subsidiary of Turkish Bank Limited which is
incorporated in Northern Cyprus. TBUK has a UK head office and six branches
in London. The firm’s customers are mainly from the Turkish (including Turkish
Cypriot) community in London. TBUK’s UK customer base is mainly retail. The
Firm offers a range of financial services, including correspondent banking. In the
Relevant Period, TBUK had 15 correspondent banking relationships where the
Firm acted as the correspondent bank. Nine of these relationships were with
Respondents in Turkey; six were with Respondents in Northern Cyprus.

Correspondent banking

4.2.
Correspondent banking involves non face-to-face business. As a correspondent
bank, TBUK acted as an agent for its Respondents in Turkey and Northern
Cyprus in the Relevant Period. It provided its Respondents’ underlying
customers with services that these Respondents could not provide themselves,
such as payment or clearing related services in the United Kingdom. To that end,
TBUK relied on its Respondents’ AML controls over their underlying customers
to prevent these customers access to the UK financial system for purposes of
money laundering.

4.3.
The ML Regulations acknowledge that the nature of correspondent banking with
a respondent institution in a non-EEA state (such as Turkey and Northern Cyprus)
presents a high risk of money laundering requiring enhanced customer due
diligence and ongoing monitoring of the relationship. The JMLSG Guidance

considers the highest risk respondents to be those in jurisdictions with weak
regulatory or AML controls or other significant reputational risk factors,
including corruption. In the Relevant Period, Turkey and Northern Cyprus did
not have UK-equivalent AML requirements, as discussed in paragraphs 4.23-24
below.

Due diligence requirements

4.4.
Due diligence and monitoring requirements are designed to make it more difficult
for the financial services industry to be used for money laundering.

4.5.
Customer due diligence obligations require a firm to gather and adequately
consider documents, data or other information about a customer. This ensures
that a firm identifies and verifies the identity of the customer, including that of a
corporate entity’s beneficial owner. Where the customer is a corporate entity, a
trust or other legal entity or arrangement, the firm must take measures to
understand the ownership and control structure of the customer. A firm must also
obtain from the customer information about the purpose and intended nature of
the proposed business relationship.

4.6.
The purpose of due diligence requirements is that a firm will gather and consider
enough information to allow it to make an informed decision on whether to
commence or maintain a business relationship. It is also meant to allow a firm to
gauge what level of due diligence and ongoing monitoring the relationship
requires. Therefore, it does not suffice to merely collect information without
consideration because this will not allow for an informed risk-based AML
approach towards the relationship.

4.7.
If a firm has assessed that the business relationship with the customer is high risk,
it must conduct enhanced due diligence in addition to meeting the basic customer
due diligence requirements. The ML Regulations prescribe that enhanced due
diligence is undertaken on correspondent banking relationships involving non-
EEA jurisdictions. Specifically, the correspondent must:

(1)
gather sufficient information about the Respondent to understand fully the
nature of its relationship;

(2)
determine the Respondent’s reputation and the quality of its supervision
from publicly available information;

(3)
assess the Respondent’s AML controls;

(4)
obtain senior management approval before establishing a new
correspondent banking relationship;

(5)
document the respective responsibilities of the respondent and
correspondent; and

(6)
satisfy itself that the Respondent has identified and verified its underlying
customers who have direct access to the correspondent’s accounts,
conducts ongoing monitoring of those underlying customers and is able to

7

provide the correspondent relevant documents and information about
them.

4.8.
The information gathered through customer due diligence and enhanced due
diligence forms the basis for the firm’s understanding of the money laundering
risks posed by a customer. This allows the firm to conduct appropriate ongoing
monitoring of that customer’s transactions and the overall relationship. It
increases the likelihood that a firm will detect the use of its products and services
for the purpose of money laundering.

Ongoing monitoring requirements

4.9.
A firm must conduct ongoing monitoring of all business relationships. Ongoing
monitoring is a separate, but related, obligation from the requirement to carry out
customer due diligence or enhanced due diligence. Where the customer is
considered to be a high risk customer, such as for respondents in correspondent
banking relationships with non-EEA countries, that monitoring must be enhanced.
This means more frequent or intensive monitoring. Enhanced ongoing
monitoring is important to understand any changes to money laundering risks
posed by the customer.

4.10. Ongoing monitoring includes keeping relevant customer information up to date
through regular reviews of the customer relationship and monitoring of customer
transactions to ensure that they are consistent with the firm’s knowledge of the
customer, its business and risk profile. A firm must scrutinise a customer’s
transactions on a risk-sensitive basis to identify any unusual or suspicious activity
that may be related to money laundering.

The FSA thematic review and investigation

4.11. The FSA conducted a thematic review of how banks operating in the UK were
managing money laundering risk in high risk situations. One area of focus for the
review was how banks manage the risks arising from correspondent banking. The
FSA’s thematic review findings were reported in June 2011.

4.12. In the course of the thematic review, the FSA visited TBUK in July 2010 to
assess its AML systems and controls over high risk customers, wire transfers and
correspondent banking. The results of this visit gave serious cause for concern in
relation to the Firm’s AML controls over correspondent banking.

4.13. After further investigation, including a review of TBUK’s relevant policies and
procedures and all 15 of TBUK’s relevant Respondent files, the FSA identified
failings in respect of TBUK’s AML controls over correspondent banking. These
failings are described below.

Inappropriate AML policies and procedures

4.14. During the Relevant Period, TBUK had in place an AML Handbook dated
January 2008. The AML Handbook contained inappropriate policies and
procedures for the prevention of money laundering.

4.15. TBUK’s AML Handbook purported to reflect the requirements imposed by the
ML Regulations (which came into effect on 15 December 2007) and the JMLSG
Guidance (which was approved by the Treasury in December 2007). In reality,
the AML Handbook did not establish policies and procedures that appropriately
reflected the high risk of money laundering posed by TBUK’s correspondent
banking relationships with Respondents in Turkey and Northern Cyprus.

4.16. As with any regulated firm conducting correspondent banking, the FSA required
TBUK to update its AML Handbook to reflect the requirements of the ML
Regulations.

4.17. In the Relevant Period, TBUK’s AML Handbook should have contained policies
and procedures requiring that the risk assessment, due diligence and ongoing
monitoring in relation to existing Respondent accounts were up to date and
consistent with the ML Regulations.

4.18. TBUK did not update its AML Handbook until after the FSA’s 2010 thematic
review and the resulting investigation.

Inappropriate policies and procedures in relation to risk-assessment

4.19. TBUK’s AML Handbook contained erroneous and inconsistent policies
concerning the risk assessment of the Firm’s correspondent banking relationships.

4.20. Nine of TBUK’s 15 correspondent banking relationships in the Relevant Period
were with Respondents in Turkey. TBUK’s AML Handbook incorrectly
classified all correspondent banking relationships with Respondents in Turkey as
low risk. However, this risk designation should have been expressly limited to
correspondent banking relationships in EU member states. The risk section of
TBUK’s AML Handbook acknowledged that Turkey was not a member of the
EU, but wrongly considered Turkey’s AML regime equivalent to the UK on the
basis that Turkey was a member of FATF. In the same passage, the AML
Handbook mentioned Turkey’s vulnerabilities due to its status as a transit and
production country for drugs.

4.21. As a result, TBUK’s high-level procedures erroneously stated that simplified due
diligence may be applied to Turkey, thereby instructing that certain due diligence
and enhanced due diligence measures were unlikely to be necessary.

4.22. Six of TBUK’s 15 correspondent banking relationships in the Relevant Period
were with Respondents in Northern Cyprus. While TBUK’s AML policies
acknowledged that Northern Cyprus was not an equivalent jurisdiction to the UK
for purposes of AML controls, the Firm’s AML Handbook erroneously suggested
that a risk classification of medium to higher risk applied in relation to
correspondent banking. At the same time, TBUK’s AML Handbook designated
all countries other than the EU member states as medium risk.

4.23. Turkey is a FATF member, but it was not a jurisdiction with UK-equivalent AML
requirements in the Relevant Period. More specifically:

(1)
On 23 February 2007, FATF published the Summary of its Third Mutual
Evaluation Report for Turkey. The Report identified multiple areas where
Turkey was non-compliant with the FATF Recommendations, including as
relevant here, that it had no AML requirements for the application of
enhanced due diligence, the verification of legal persons (including
ownership and control and beneficial owners) or dealing with PEPs; and

(2)
On 8 August 2008, the JMLSG issued specific guidance confirming that
Turkey was not included in the list of EU-equivalent jurisdictions and
advised that firms will need to carry out their own risk assessment of non-
equivalent countries and pay particular attention to Mutual Evaluation
Reports undertaken by FATF.

4.24. Northern Cyprus is only recognised by Turkey, is not a FATF member and had
not been assessed as having UK-equivalent AML requirements in the Relevant
Period.

4.25. Based on the ML Regulations, JMLSG Guidance and other information available
to TBUK (from e.g. FATF and the EU, and more specifically, TBUK’s own view
of Turkey’s vulnerable status as a country where drug transit and production were
prevalent) at the time it drafted its AML Handbook, the Firm ought to have put in
place policies and procedures that reflected that correspondent banking
relationships in Turkey and Northern Cyprus represented a high risk of money
laundering requiring enhanced due diligence and enhanced ongoing monitoring of
Respondents.

Inappropriate procedures in relation to customer due diligence, ongoing
monitoring and record-keeping

4.26. TBUK’s AML procedures for customer due diligence and ongoing monitoring
applicable to existing Respondents did not require the Firm’s customer
information to be brought up to the standard required by the ML Regulations.

4.27. TBUK’s AML Handbook contained some high-level procedures for the
monitoring of specific activity and transactions, but correspondent banking was
not included.

4.28. The AML Handbook made reference to TBUK’s detailed account opening
procedures contained in the Firm’s Procedures Manual. That document suggested
that the detailed procedures did not apply to correspondent banking because that
activity was exceptional and subject to individually specified documentary
evidence and due diligence to be agreed by the MLRO and General Management
on a case-by-case basis.

4.29. In addition, TBUK’s AML procedures for record-keeping did not provide
sufficient detail for day-to-day application and compliance by TBUK’s staff.

Failure to conduct appropriate due diligence on existing Respondents

4.30. After the ML Regulations took effect on 15 December 2007, TBUK was required
to update the due diligence information relating to identification and verification

of its existing correspondent banking relationships to ensure compliance. The
FSA paper titled “The FSA’s new role under the Money Laundering Regulations
2007: Our Approach” dated September 2007, specifically sets out that
“Authorised Firms should consult the Money Laundering Regulations and the
[JMLSG] guidance to understand what they will need to consider and what
changes to their procedures will need to be made” once the ML Regulations take
effect on 15 December 2007. The FSA’s publication reinforced the introduction
of the ML Regulations and supported their requirements.

4.31. The consideration of the money laundering risk posed by a customer and the
recording of that risk classification on the file is essential. As AML controls are
applied on a risk-sensitive basis, the risk rating of a correspondent banking
relationship determines the level of due diligence and ongoing monitoring to be
conducted on that account. Each of the Firm’s correspondent banking
relationships with Respondents in Turkey and Northern Cyprus (both non-EEA
jurisdictions) should have been assessed as posing a high risk of money
laundering requiring the application, on a risk-sensitive basis, of enhanced due
diligence in addition to basic due diligence. However, none of the files reviewed
by the FSA contained a risk rating.

4.32. In relation to basic due diligence performed by TBUK on the files reviewed, the
Firm did not satisfactorily identify and verify the identity of its Respondents and
their beneficial owners. TBUK did not seek to understand the ownership and
control structure of its Respondents (who were all corporate entities). Because of
this failing, TBUK was not in a position to conduct and did not conduct PEP and
sanction screening on relevant persons linked to its Respondents.

4.33. In relation to six active Respondent files maintained during the Relevant Period,
identification and verification information held was in a foreign language. While
some staff at TBUK may have been able to understand this information, TBUK
did not adequately review these documents and consider whether they provided
evidence of the Respondents’ respective identities.

4.34. In addition, TBUK did not conduct the enhanced due diligence required by the
ML Regulations, including assessing its Respondents’ AML controls over their
underlying customers who benefited from the correspondent banking services
provided by TBUK. The importance of the enhanced due diligence measures are
underscored by the conclusions in the 2007 FATF Summary Report on Turkey
that the country had not implemented AML measures requiring e.g. the
establishment of PEPs, identification and verification of beneficial owners, and
other due diligence measures. In its correspondent banking relationships, TBUK
relied on the Turkish Respondents’ AML controls over their underlying
customers, despite FATF’s assessment that Turkey’s AML regime was deficient.
Further, as set out above, the EU member states did not consider Turkey and
Northern Cyprus to be jurisdictions with AML requirements equivalent to the EU.

4.35. These failings had serious consequences and were confirmed by TBUK’s review
of its correspondent banking relationships as part of its remedial work. TBUK
found that six of its 15 Respondents had PEPs or former PEPs associated with
them. TBUK should have conducted sufficient due diligence on these

relationships to consider the money laundering risks posed by each such
relationship.

4.36. In relation to each of the 15 correspondent banking files reviewed, TBUK did not
conduct the customer due diligence and enhanced due diligence required by the
ML Regulations. Under regulation 11 of the ML Regulations, TBUK should not
have carried out transactions for any of its Respondents until the required due
diligence had been conducted or alternatively should have terminated its
relationship with its Respondents at issue.

4.37. Only after the FSA’s 2010 thematic review and subsequent FSA investigation did
TBUK update the due diligence information held on its Respondents to the
standard required by the ML Regulations. As a result of the information
gathered, TBUK assessed the money laundering risks posed by two of the 15
Respondents as unacceptable and terminated these relationships.

Failure to conduct enhanced ongoing monitoring

4.38. Ongoing monitoring has two components. One requires regular review of the
customer relationship in order to keep the information held about the customer up
to date. The other requires the scrutiny of transactions undertaken throughout the
course of the relationship to ensure that they are consistent with the knowledge
held about the customer. The ML Regulations require enhanced ongoing
monitoring of high risk customer relationships, which means more frequent or
intensive monitoring.

4.39. TBUK’s ongoing monitoring of its correspondent banking relationships did not
meet the requirements of the ML Regulations.

4.40. TBUK’s AML questionnaires were used for ongoing monitoring purposes.
However, TBUK’s ongoing monitoring of Respondents was inadequate because
the Firm did not send the AML questionnaires to each Respondent on a regular
basis. In 2007, five of the 15 Respondents returned TBUK’s AML questionnaire.
In 2008, only one of the 15 Respondents returned TBUK’s AML questionnaire.
In 2009 and 2010, 12 of the 15 Respondents returned an AML questionnaire. The
FSA’s review found that the responses provided by Respondents were often not
considered by TBUK, were incomplete or did not provide sufficient detail.
Further, TBUK did not challenge unanswered questions.

4.41. For instance, certain Respondents merely confirmed that they had AML controls
over their underlying customers in place without detailing what these controls
were. As TBUK did not seek to clarify the nature of these AML controls, the
Firm cannot be said to have conducted an assessment as required by the ML
Regulations.

4.42. Also, one Respondent informed TBUK that it did not monitor its underlying
customers’ transactions. TBUK should have been aware that the ML Regulations
require the ongoing monitoring of customers’ transactions. TBUK should not
have relied on its Respondent’s AML controls over their underlying customers if
it was evident that these controls did not meet internationally recognised

standards as reflected in the ML Regulations. Once the Respondent informed
TBUK that it did not monitor its underlying customers’ transactions, TBUK
should have taken appropriate action, such as considering whether to cease
conducting further transactions or terminate the relationship.

4.43. TBUK engaged in limited transaction monitoring of its Respondents’ accounts.
For this purpose, every time a Respondent used TBUK as the correspondent on a
transaction, TBUK knew the name of the Respondent’s underlying customer.
TBUK checked the underlying customer’s name against its own watch list.
TBUK’s watch list only contained Turkish appearing names from various
sources, including warning lists published by the British Bankers’ Association
and HM Treasury, local (Turkish) media publications, TBUK’s internal reports,
and police production orders. TBUK’s PEP and sanctions screening, especially
of its Respondents (and not just of their underlying customers) should have
included the use of an appropriate official database, such as the Consolidated
Sanctions lists maintained and published by HM Treasury.

4.44. Only after the FSA’s 2010 thematic review and subsequent implementation of a
Risk Mitigation Programme did TBUK conduct a review of transactions in the
Relevant Period by checking the names of Respondents’ underlying customers
against comprehensive PEP and sanctions lists.

4.45. The investigation compared the results of TBUK’s remedial review over ten
months within the Relevant Period (1 October 2009 to 1 July 2010) against the
results of the original watch list screening performed by TBUK in the Relevant
Period. The original screening had flagged 42 transactions. TBUK’s
retrospective review identified 21 additional transactions that should have been
flagged for approval. Instead, TBUK processed these 21 transactions without any
query.

Failure to keep adequate records

4.46. None of the correspondent banking files reviewed contained a risk assessment of
the relevant Respondent.

4.47. To the extent TBUK conducted any due diligence and ongoing monitoring of its
15 Respondents in the Relevant Period, it did not keep appropriate records of the
evidence of the Respondents’ identities obtained and supporting records in
respect of the correspondent banking relationships.

4.48. Also, TBUK did not document the respective responsibilities of its Respondents
and TBUK as the correspondent as required by the ML Regulations.

4.49. Only after the FSA’s 2010 thematic review and the subsequent FSA investigation
did TBUK improve its record-keeping practices in relation to correspondent
banking activities.

5.
FAILINGS

5.1.
The statutory and regulatory provisions relevant to this Decision Notice are

referred to in the Appendix.

5.2.
On the basis of the facts and matters set out above, the FSA considers that TBUK
breached the ML Regulations because it did not take reasonable care to establish,
maintain and apply appropriate AML controls over its correspondent banking
activities in the Relevant Period. This included the following specific failings.

Inappropriate AML policies and procedures

5.3.
On the basis of the facts and matters set out at paragraphs 4.14 to 4.29, TBUK
breached regulations 20(1)(a), (c) and (e) of the ML Regulations. In the Relevant
Period, the Firm did not maintain appropriate and risk-sensitive AML policies and
procedures concerning customer due diligence, ongoing monitoring, record-
keeping, and risk assessment and management for correspondent banking
relationships.

5.4.
TBUK’s high-level AML policies and procedures did not enable it to identify,
assess, monitor and manage money laundering risks associated with
correspondent banking in compliance with the prevailing requirements of the ML
Regulations. Its AML policies and procedures were not comprehensive and
proportionate to the nature, scale and complexity of TBUK’s correspondent
banking activities.

Risk assessment policies and procedures

5.5.
TBUK’s AML policies and procedures were incorrect and inconsistent in relation
to the Firm’s approach to the assessment and rating of money laundering risk
associated with correspondent banking relationships in Turkey and Northern
Cyprus.

5.6.
In addition, TBUK’s AML policies and procedures provided an inappropriate
risk-assessment of correspondent banking activities. In contravention of the
explicit provisions of the ML Regulations and despite evidence available to the
Firm about money laundering risks associated with Turkey and Northern Cyprus,
TBUK’s AML policies and procedures deemed correspondent banking with
Turkey low risk and with Northern Cyprus medium to higher risk. The Firm’s
AML Handbook did not provide any further guidance as to what considerations
were relevant to whether a relationship was higher rather than medium risk and
the relevant consequences for purposes of due diligence and ongoing monitoring

Customer due diligence and ongoing monitoring policies and procedures

5.7.
The Firm’s high-level procedures were wrong in stating that simplified due
diligence may be applied to Respondents from Turkey.

5.8.
TBUK’s policies and procedures did not set out how information held in relation
to an existing Respondent, including due diligence information, would be
periodically reviewed and updated and thus breached regulation 20(a) of the ML
Regulations.

5.9.
TBUK’s AML Handbook acknowledged that the foundation of any monitoring

procedure lies in the initial collection of identification and customer due diligence
information and the ongoing updating of that information. But, the AML
procedures did not set out how this updating of information would be achieved in
practice. TBUK’s procedures for review and updating of existing Respondent
information were not sufficiently detailed and did not meet the requirements of
the ML Regulations.

5.10. Also, in relation to ongoing monitoring, TBUK’s AML procedures suggested that
this should be done through periodic review, but no further instruction was given
as to what frequency would be appropriate for accounts with high levels of money
laundering risks associated, such as correspondent banking. Notably, while
monitoring of specific types of transactions (such as cash transactions and large
transactions) was set out in the procedures, no such provisions were made for
correspondent banking.

5.11. In relation to record-keeping, the Firm’s policies and procedures did not contain
the appropriate level of detail required by regulation 20(c) of the ML Regulations.

5.12. These failings are serious because they show that at the highest policy level, the
Firm inaccurately informed its staff of the money laundering risks associated with
its correspondent banking activities. Failings in the application of the ML
Regulations in relation to customer due diligence, ongoing monitoring and
record-keeping occurred as a direct result of the Firm’s inconsistent and
inappropriate AML policies and procedures.

Failure to conduct appropriate due diligence and ongoing monitoring to
existing Respondents

5.13. On the basis of the facts and matters set out at paragraphs 4.30 to 4.45, TBUK
breached regulations 5, 7, 8 and 14(3) of the ML Regulations. All of TBUK’s
correspondent banking relationships should have been subjected to an appropriate
level of customer due diligence and ongoing monitoring. This should have met
the requirements set out in regulations 5, 7 and 8 of the ML Regulations and the
enhanced due diligence and ongoing monitoring requirements set out in
regulation 14(3) of the ML Regulations.

5.14. For all 15 Respondents, TBUK failed to obtain required information concerning
identification and verification of each Respondent to the standards required by the
ML Regulations was missing.

5.15. Where AML questionnaires were used by TBUK, the Firm did not follow up on
incomplete or inadequate responses.

Failure to keep adequate records

5.16. On the basis of the facts and matters set out at paragraphs 4.46 to 4.49, TBUK
failed to keep adequate records of any due diligence and ongoing monitoring it
had conducted in breach of regulation 19 of the ML Regulations.

5.17. TBUK did not keep records showing it considered and challenged the responses
given by Respondents to its AML questionnaires, including responses in a

foreign language (such as a Respondent’s AML policy). It also did not keep
records of the reason for authorising transactions flagged in the course of
screening against a limited sanction watch list.

6.
SANCTION

6.1.
Pursuant to Regulations 2(1), 36(a) and 42(1) of the ML Regulations, the FSA is a
designated authority who may impose a penalty on a relevant person for failure to
comply with the ML Regulations at issue in this Notice.

6.2.
TBUK (a credit institution) is a relevant person pursuant to regulations 2(1) and
3(1)(a) of the ML Regulations.

6.3.
In deciding whether TBUK has failed to comply with the relevant requirements of
the ML Regulations, the FSA must consider whether TBUK followed the relevant
JMLSG Guidance as the JMLSG Guidance meets the requirements set out in
regulation 42(3) of the ML Regulations.

6.4.
Regulation 42(1) of ML Regulations states that the FSA may impose on a person
who failed to comply with the requirements of the ML Regulations a penalty of
such amount as it considers appropriate. The FSA has considered whether it can
be satisfied that TBUK took all reasonable steps and exercised all due diligence to
ensure that the requirements of the ML Regulations would be complied with and
concludes that it can not for reasons set out in section 6 of this Notice above.

6.5.
The FSA has regard to the factors in Chapter 6 of DEPP for the imposition of a
financial penalty under the ML Regulations. As the majority of the misconduct
occurred before the introduction of the FSA’s new penalty regime on 6 March
2010, the FSA has applied the penalty regime that was in place as at 15 December
2007. In that regard, DEPP 6.5.2G sets out the relevant factors for determining
the appropriate level of financial penalty to be imposed on TBUK. The criteria
are not exhaustive and all relevant circumstances of the case have been taken into
consideration. In determining the appropriate level of sanction, the FSA has had
regard to the factors listed below.

6.6.
The FSA considers that the proposed financial penalty will promote high
standards of conduct by deterring firms which have breached the ML Regulations
from committing further contraventions, helping to deter other firms from
committing breaches of the ML Regulations, and demonstrating generally to firms
the benefits of compliant behaviour. It will strengthen the message to the industry
that it is vital to take proper steps to ensure that AML controls over correspondent
banking relationships are adequate, even when the origins of long-standing
existing relationships predate the introduction of the ML Regulations.

Seriousness and impact of the breaches

6.7.
The FSA has had regard to the seriousness of the breaches, including the nature of
the requirements breached, the number and duration of the breaches, the
seriousness or systemic character of the Firm’s failings. For the reasons set out

in paragraph 2.7 above, the FSA considers TBUK’s breaches, which persisted for
more than two and a half years, to be particularly serious. The weaknesses in
TBUK’s AML controls resulted in an unacceptable risk that the Firm could have
handled the proceeds of crime through its correspondent banking relationships.

The extent to which the breaches were deliberate or reckless

6.8.
The FSA does not consider that the misconduct on the part of TBUK was
deliberate or reckless.

The size, financial resources and other circumstances of the Firm

6.9.
In determining the level of penalty, the FSA has considered TBUK’s size and
financial resources. There is no evidence to suggest that TBUK is unable to pay
the penalty.

Conduct following the breaches

6.10. Since the commencement of the FSA’s investigation, TBUK has worked in an
open and cooperative manner with the FSA.

6.11. Following the FSA’s visit in 2010 and the findings of the FSA investigation, the
Firm, as part of an FSA remedial programme, has taken steps to establish detailed
procedures in relation to correspondent banking relationships that comply with
the ML Regulations.

6.12. TBUK fully accepts that it did not meet the requirements of the ML Regulations
throughout the Relevant Period.

6.13. TBUK took disciplinary action against the senior managers responsible for its
AML controls, including withholding their annual bonus for the year 2011.

Disciplinary record and compliance history

6.14. TBUK has not been the subject of any previous disciplinary action.

Previous action taken by the FSA in relation to similar findings

6.15. The FSA has not previously imposed a penalty on a firm for failings in AML
controls over correspondent banking. However, in determining whether and what
financial penalty to impose on TBUK, the FSA has taken into account action
taken by the FSA in relation to other authorised persons for comparable
behaviour.

FSA guidance and other published material

6.16. Pursuant to regulation 42(3) of the ML Regulations, DEPP 6.2.3G and EG 19.82,
the FSA has had regard to whether TBUK followed the relevant provisions of the
JMLSG Guidance in deciding whether TBUK failed to comply with the ML
Regulations.

7.
PROCEDURAL MATTERS

Decision maker

7.1.
The decision which gave rise to the obligation to give this Notice was made by
the Settlement Decision Makers.

7.2.
This Decision Notice is given to you in accordance with regulation 42(7) of the
ML Regulations.

Access to evidence

7.3.
The FSA grants you access to:

(1)
the material upon which the FSA has relied in deciding to give you this
Notice; and

(2)
any secondary material which, in the opinion of the FSA, might
undermine that decision.

7.4.
There is no such secondary material to which the FSA grants you access.

Manner of and time for payment

7.5.
The financial penalty must be paid in full by TBUK to the FSA by no later than 9
August 2012, 14 days from the date of this Notice.

If the financial penalty is not paid

7.6.
If all or any of the financial penalty is outstanding on 10 August 2012, the FSA
may recover the outstanding amount as a debt owed by TBUK and due to the
FSA.

Confidentiality and publicity

7.7.
The FSA must such information about the matter to which this Notice relates as
the FSA considers appropriate. The information may be published in such
manner as the FSA considers appropriate. However, the FSA may not publish
information if such publication would, in the opinion of the FSA, be unfair to you
or prejudicial to the interests of consumers.

7.8.
The FSA intends to publish such information about the matter to which this
Notice relates as it considers appropriate.

FSA contacts

7.9.
For more information concerning this matter generally, contact Bill Sillett (direct
line: 020 7066 5880/email: bill.sillett@fsa.gov.uk).

Tracey McDermott

Acting Director of Enforcement and Financial Crime Division

Stephen Bland

Director of Investment Banks and Overseas Banks Division

APPENDIX – REGULATORY AND STATUTORY PROVISIONS

1. DEPP (at 15 December 2007)

DEPP Chapter 6 - Penalties

DEPP 6.2.3G - The FSA’s rules on systems and controls against money laundering are
set out in SYSC 3.2 and SYSC 6.3. The FSA, when considering whether to take action
for a financial penalty or censure in respect of a breach of those rules, will have regard to
whether a firm has followed relevant provisions in the Guidance for the UK financial
sector issued by the Joint Money Laundering Steering Group.

DEPP 6.5.1G(1) - The FSA will consider all the relevant circumstances of a case when it
determines the level of financial penalty (if any) that is appropriate and in proportion to
the breach concerned. The list of factors in DEPP 6.5.2G is not exhaustive: not all of
these factors may be relevant in a particular case, and there may be other factors, not
included below, that are relevant.

DEPP 6.5.1G(2) - The FSA does not apply a tariff of penalties for different kinds of
breach. This is because there will be very few cases in which all the circumstances of the
case are essentially the same and because of the wide range of different breaches in
respect of which the FSA may take action. The FSA considers that, in general, the use of
a tariff for particular kinds of breach would inhibit the flexible and proportionate policy
which it adopts in this area.

DEPP 6.5.2G - The following factors may be relevant to determining the appropriate
level of financial penalty to be imposed on a person under the Act:

(1)
Deterrence - When determining the appropriate level of penalty, the FSA will have
regard to the principal purpose for which it imposes sanctions, namely to promote
high standards of regulatory and/or market conduct by deterring persons who have
committed breaches from committing further breaches and helping to deter other
persons from committing similar breaches, as well as demonstrating generally the
benefits of compliant business.

(2)
The nature, seriousness and impact of the breach in question - The FSA will
consider the seriousness of the breach in relation to the nature of the rule,
requirement or provision breached. The following considerations are among those
that may be relevant:

(a)
the duration and frequency of the breach;

(b)
whether the breach revealed serious or systemic weaknesses in the person’s
procedures or of the management systems or internal controls relating to all
or part of a person’s business;

(c)
in market abuse cases, the FSA will consider whether the breach had an
adverse effect on markets and, if it did, how serious that effect was, which
may include having regard to whether the orderliness of, or confidence in, the
markets in question has been damaged or put at risk. This factor may also be

(b)
The purpose of a penalty is not to render a person insolvent or to threaten the
person’s solvency. Where this would be a material consideration, the FSA
will consider, having regard to all other factors, whether a lower penalty
would be appropriate. This is most likely to be relevant to a person with
lower financial resources; but if a person reduces its solvency with the

relevant in other types of case;

(d)
the loss or risk of loss caused to consumers, investors or other market users;

(e)
the nature and extent of any financial crime facilitated, occasioned or
otherwise attributable to the breach; and

(f)
in the context of contraventions of Part VI of the Act, the extent to which the
behaviour which constitutes the contravention departs from current market
practice.

(3)
The extent to which the breach was deliberate or reckless - The FSA will regard as
more serious a breach which is deliberately or recklessly committed. The matters to
which the FSA may have regard in determining whether a breach was deliberate or
reckless include, but are not limited to, the following:

(a)
whether the breach was intentional, in that the person intended or foresaw the
potential or actual consequences of its actions;

(b)
where the person has not followed a firm’s internal procedures and/or FSA
guidance, the reasons for not doing so;

(c)
where the person has taken decisions beyond its or his field of competence,
the reasons for the decisions and for them being taken by that person;

(d)
whether the person has given no apparent consideration to the consequences
of the behaviour that constitutes the breach;

(e)
in the context of a contravention of any rule or requirement imposed by or
under Part VI of the Act, whether the person sought any professional advice
before the contravention occurred and whether the person followed that
professional advice. Seeking professional advice does not remove a person’s
responsibility for compliance with applicable rules and requirements.

If the FSA decides that the breach was deliberate or reckless, it is more likely to
impose a higher penalty on a person than would otherwise be the case.

(5)
The size, financial resources and other circumstances of the person on whom the
penalty is to be imposed –

(a)
The FSA may take into account whether there is verifiable evidence of
serious financial hardship or financial difficulties if the person were to pay
the level of penalty appropriate for the particular breach. The FSA regards
these factors as matters to be taken into account in determining the level of a
penalty, but not to the extent that there is a direct correlation between those
factors and the level of penalty.

purpose of reducing its ability to pay a financial penalty, for example by
transferring assets to third parties, the FSA will take account of those assets
when determining the amount of a penalty.

(c)
The degree of seriousness of a breach may be linked to the size of the firm.
For example, a systemic failure in a large firm could damage or threaten to
damage a much larger number of consumers or investors than would be the
case with a small firm: breaches in firms with a high volume of business over
a protracted period may be more serious than breaches over similar periods in
firms with a smaller volume of business.

(d)
The size and resources of a person may also be relevant in relation to
mitigation, in particular what steps the person took after the breach had been
identified; the FSA will take into account what it is reasonable to expect from
a person in relation to its size and resources, and factors such as what
proportion of a person’s resources were used to resolve a problem.

(e)
The FSA may decide to impose a financial penalty on a mutual (such as a
building society), even though this may have a direct impact on that mutual’s
customers. This reflects the fact that a significant proportion of a mutual’s
customers are shareholder-members; to that extent, their position involves an
assumption of risk that is not assumed by customers of a firm that is not a
mutual. Whether a firm is a mutual will not, by itself, increase or decrease the
level of a financial penalty.

(8)
Conduct following the breach - The FSA may take the following factors into
account:

(a)
the conduct of the person in bringing (or failing to bring) quickly, effectively
and completely the breach to the FSA's attention (or the attention of other
regulatory authorities, where relevant);

(b)
the degree of co-operation the person showed during the investigation of the
breach by the FSA, or any other regulatory authority allowed to share
information with the FSA, such as an RIE or the Takeover Panel. Where a
person has fully co-operated with the FSA’s investigation, this will be a
factor tending to reduce the level of financial penalty;

(c)
any remedial steps taken since the breach was identified, including whether
these were taken on the person’s own initiative or that of the FSA or another
regulatory authority; for example, identifying whether consumers or investors
or other market users suffered loss and compensating them where they have;
correcting any misleading statement or impression; taking disciplinary action
against staff involved (if appropriate); and taking steps to ensure that similar
problems cannot arise in the future; and

(d)
whether the person concerned has complied with any requirements or rulings
of another regulatory authority relating to the breach (for example, where
relevant, those of the Takeover Panel).

(9)
Disciplinary record and compliance history - The FSA may take the previous
disciplinary record and general compliance history of the person into account. This
will include:

(a)
whether the FSA (or any previous regulator) has taken any previous
disciplinary action against the person;

(b)
whether the person has previously undertaken not to do a particular act or
engage in particular behaviour;

(c)
whether the FSA (or any previous regulator) has previously taken protective
action in respect of a firm using its own initiative powers, by means of a
variation of a firm’s Part IV permission, or has previously requested the firm
to take remedial action and the extent to which that action has been taken.

(d)
the general compliance history of the person, including whether the FSA (or
any previous regulator) has previously brought to the person’s attention,
including by way of a private warning, issues similar or related to the conduct
that constitutes the breach in respect of which the penalty is imposed.

A person’s disciplinary record could lead to the FSA imposing a higher penalty, for
example where the person has committed similar breaches in the past.

In assessing the relevance of a person’s disciplinary record and compliance history,
the age of a particular matter will be taken into account, although a long-standing
matter may still be relevant.

(10) Other action taken by the FSA (or a previous regulator) - Action that the FSA (or a
previous regulator) has taken in relation to similar breaches by other persons may
be taken into account. This includes previous actions in which the FSA (whether
acting by the RDC or the settlement decision makers) and a person on whom a
penalty is to be imposed have reached agreement as to the amount of the penalty.
As stated at DEPP 6.5.1G(2), the FSA does not operate a tariff system. However,
the FSA will seek to apply a consistent approach to determining the appropriate
level of penalty.

(12) FSA guidance and other published materials -

(a)
A person does not commit a breach by not following FSA guidance or other
published examples of compliant behaviour. However, where a breach has
otherwise been established, the fact that guidance or other published
materials had raised relevant concerns may inform the seriousness with
which the breach is to be regarded by the FSA when determining the level of
penalty.

(b)
The FSA will consider the nature and accessibility of the guidance or other
published materials when deciding whether they are relevant to the level of
penalty and, if they are, what weight to give them in relation to other relevant
factors.

(13) The timing of any agreement as to the amount of the penalty - The FSA and the

person on whom a penalty is to be imposed may seek to agree the amount of any
financial penalty and other terms. In recognition of the benefits of such agreements,
DEPP 6.7 provides that the amount of the penalty which might otherwise have been
payable will be reduced to reflect the stage at which the FSA and the person
concerned reach an agreement.

DEPP 6.7.1G - Persons subject to enforcement action may be prepared to agree the
amount of any financial penalty and other conditions which the FSA seeks to impose by
way of such action. Such conditions might include, for example, the amount or
mechanism for the payment of compensation to consumers. The FSA recognises the
benefits of such agreements, in that they offer the potential for securing earlier redress or
protection for consumers and the saving of cost to the person concerned and the FSA
itself in contesting the financial penalty. The penalty that might otherwise be payable in
respect of a breach by the person concerned will therefore be reduced to reflect the
timing of any settlement agreement.

DEPP 6.7.2G - In appropriate cases the FSA’s approach will be to negotiate with the
person concerned to agree in principle the amount of a financial penalty having regard to
the factors set out in DEPP 6.5.2G. (This starting figure will take no account of the
existence of the settlement discount scheme described in this section.) Such amount
(“A”) will then be reduced by a percentage of A according to the stage in the process at
which agreement is reached. The resulting figure (“B”) will be the amount actually
payable by the person concerned in respect of the breach. However, where part of a
proposed financial penalty specifically equates to the disgorgement of profit accrued or
loss avoided then the percentage reduction will not apply to that part of the penalty.

DEPP 6.7.3G

(1)
The FSA has identified four stages of an action for these purposes:

(a)
the period from commencement of an investigation until the FSA has:

(i)
a sufficient understanding of the nature and gravity of the breach to
make a reasonable assessment of the appropriate penalty; and

(ii)
communicated that assessment to the person concerned and

allowed a reasonable opportunity to reach agreement as to the

amount of the penalty (“stage 1”);

(b) the period from the end of stage 1 until the expiry of the period for making
written representations or, if sooner, the date on which the written
representations are sent in response to the giving of a warning notice (“stage
2”);

(c) the period from the end of stage 2 until the giving of a decision notice (“stage
3”);

(d) the period after the end of stage 3, including proceedings before the Tribunal
and any subsequent appeals (“stage 4”).

(2) The communication of the FSA’s assessment of the appropriate penalty for the

purposes of DEPP 6.7.3G(1)(a) need not be in a prescribed form but will include an
indication of the breaches alleged by the FSA. It may include the provision of a
draft warning notice.

(3) The reductions in penalty will be as follows:

Stage at which agreement reached
Percentage reduction

Stage 1
30

Stage 4
0

DEPP 6.7.4G(1) - Any settlement agreement between the FSA and the person concerned
will therefore need to include a statement as to the appropriate penalty discount in
accordance with this procedure.

DEPP 6.7.5G - In cases in which the settlement discount scheme is applied, the fact of
settlement and the level of the discount to the financial penalty imposed by the FSA will
be set out in the final notice.

2. EG

The conduct of investigations under the Money Laundering Regulations

EG 19.79 - When the FSA proposes or decides to impose a penalty under the Money
Laundering Regulations, it must give the person on whom the penalty is to be imposed a
notice. These notices are akin to warning notices and decision notices given under the
Act, although Part XXVI (Notices) of the Act does not apply to notices given under the
Regulations.

EG 19.80 - The RDC is the FSA’s decision maker for contested cases in which the FSA
decides to impose a penalty under the Money Laundering Regulations. This builds a
layer of separation into the process to help ensure not only that decisions are fair but that
they are seen to be fair. The RDC will make its decisions following the procedure set out
in DEPP 3.2 or, where appropriate, DEPP 3.3. Where the FSA imposes a penalty on a
person under the Money Laundering Regulations, that person may appeal the decision to
the Tribunal.

EG 19.81 - Although the Money Laundering Regulations do not require it, the FSA will
involve third parties and provide access to Authority material when it gives notices under
the Regulations, in a manner consistent with the provisions of sections 393 and 394 of
the Act. However, there is no formal mechanism under the Money Laundering
Regulations for third parties to make representations in respect of proposed money
laundering actions. If a third party asks to make representations, it will be a matter for the
FSA’s decision makers to decide whether this is appropriate and, if so, how best to
ensure that these representations are taken into consideration. In general it is expected
that decision makers would agree to consider any representations made. Third parties
may not refer cases to the Tribunal as the Money Laundering Regulations give the
Tribunal no power to hear such referrals.

EG 19.82 - When imposing or determining the level of a financial penalty under the
Regulations, the FSA’s policy includes having regard, where relevant, to relevant factors
in DEPP 6.2.1G and DEPP 6.5 to DEPP 6.5D. The FSA may not impose a penalty where
there are reasonable grounds for it to be satisfied that the subject of the proposed action
took all reasonable steps and exercised all due diligence to ensure that the relevant
requirement of the Money Laundering Regulations would be met. In deciding whether a
person has failed to comply with a requirement of the Money Laundering Regulations,
the FSA must consider whether he followed any relevant guidance which was issued by a
supervisory authority or other appropriate body; approved by the Treasury; and published
in a manner approved by the Treasury. The Joint Money Laundering Steering Group
Guidance satisfies this requirement.

EG 19.83 - As with cases under the Act, the FSA may settle or mediate appropriate cases
involving civil breaches of the Money Laundering Regulations to assist it to exercise its
functions under the Regulations in the most efficient and economic way. The settlement
discount scheme set out in DEPP 6.7 applies to penalties imposed under the Money
Laundering Regulations.

EG 19.84 - The FSA will apply the approach to publicity that it has outlined in EG 6.
However, as the Money Laundering Regulations do not require the FSA to issue final
notices, the FSA will publish such information about the matter to which the decision
notice relates as it considers appropriate. This will generally involve publishing the
decision notice on the FSA’s website, with or without an accompanying press release,
and updating the Public Register.

3. THE MONEY LAUNDERING REGULATIONS 2007

Regulation 2 - Interpretation

(1)
In these Regulations-

“the 2000 Act” means the Financial Services and Markets Act 2000;

“Annex I financial institution” has the meaning given by regulation 22(1);

“authorised person” means a person who is authorised for the purposes of the 2000 Act;

“the Authority” means the Financial Services Authority;

“the banking consolidation directive” means Directive 2006/48/EC of the European
Parliament and of the Council of 14th June 2006 relating to the taking up and pursuit of
the business of credit institutions;

“beneficial owner” has the meaning given by regulation 6;

“business relationship” means a business, professional or commercial relationship
between a relevant person and a customer, which is expected by the relevant person, at
the time when contact is established, to have an element of duration;

“cash” means notes, coins or travellers’ cheques in any currency;

“credit institution” has the meaning given by regulation 3(2);

“customer due diligence measures” has the meaning given by regulation 5;

“financial institution” has the meaning given by regulation 3(3);

“firm” means any entity, whether or not a legal person, that is not an individual and
includes a body corporate and a partnership or other unincorporated association;

“money laundering” means an act which falls within section 340(11) of the Proceeds of
Crime Act 2002;

“the money laundering directive” means Directive 2005/60/EC of the European
Parliament and of the Council of 26th October 2005 on the prevention of the use of the
financial system for the purpose of money laundering and terrorist financing;

“nominated officer” means a person who is nominated to receive disclosures under Part 7
of the Proceeds of Crime Act 2002 (money laundering) or Part 3 of the Terrorism Act
2000 (terrorist property);

“non-EEA state” means a state that is not an EEA state;

“notice” means a notice in writing;

“ongoing monitoring” has the meaning given by regulation 8(2);

[“payment services” has the meaning given by regulation 2(1) of the Payment Services
Regulations 2009;]

“regulated market”—

(a) within the EEA, has the meaning given by point 14 of Article 4(1) of the markets in
financial instruments directive; and

(b)
outside the EEA, means a regulated financial market which subjects companies
whose securities are admitted to trading to disclosure obligations which are
contained in international standards and are equivalent to the specified disclosure
obligations;

“relevant person” means a person to whom, in accordance with regulations 3 and 4, these
Regulations apply;

“supervisory authority” in relation to any relevant person means the supervisory
authority specified for such a person by regulation 23;

“terrorist financing” means an offence under—

(a)
section 15 (fund-raising), 16 (use and possession), 17 (funding arrangements), 18
(money laundering) or 63 (terrorist finance: jurisdiction) of the Terrorism Act
2000;

(b)
paragraph 7(2) or (3) of Schedule 3 to the Anti-Terrorism, Crime and Security Act
2001 (freezing orders);

[(d) regulation 10 of the Al-Qaida (Asset-Freezing) Regulations 2011; or]

[(e) section 11, 12, 13, 14, 15 or 18 of the Terrorist Asset-Freezing etc Act 2010
(offences relating to the freezing of funds etc of designated persons);]

“trust or company service provider” has the meaning given by regulation 3(10).

Regulation 3 – Application of the Regulations

(1)
Subject to regulation 4, these Regulations apply to the following persons acting in
the course of business carried on by them in the United Kingdom (“relevant
persons”)—

(a)
credit institutions;

(b)
financial institutions;

(c)
auditors, insolvency practitioners, external accountants and tax advisers;

(d)
independent legal professionals;

(e)
trust or company service providers;

(f)
estate agents;

(g)
high value dealers;

(h)
casinos.

[(1A) Regulations 2, 20, 21, 23, 24, 35 to 42, and 44 to 48 apply to an auction platform
acting in the course of business carried on by it in the United Kingdom, and such
an auction platform is a relevant person for the purposes of those provisions.]

(2)
“Credit institution” means—

(a)
a credit institution as defined in [Article 4(1)] of the banking consolidation
directive; or

(b) a branch (within the meaning of Article 4(3) of that directive) located in an
EEA state of an institution falling within sub-paragraph (a) (or an equivalent
institution whose head office is located in a non-EEA state) wherever its head
office is located,

when it accepts deposits or other repayable funds from the public or grants credits
for its own account (within the meaning of the banking consolidation directive).

(3)
“Financial institution” means—

(a)
an undertaking, including a money service business, when it carries out one
or more of the activities listed in points 2 to 12[, 14 and 15] of Annex 1 to the
banking consolidation directive (the relevant text of which is set out in
Schedule 1 to these Regulations), other than—

(i)
a credit institution;

(ii)
an undertaking whose only listed activity is trading for own account in
one or more of the products listed in point 7 of Annex 1 to the banking
consolidation directive where the undertaking does not have a
customer,

and, for this purpose, “customer” means a third party which is not a member of the
same group as the undertaking;

Regulation 5 – Meaning of customer due diligence measures

“Customer due diligence measures” means:

(a)
identifying the customer and verifying the customer’s identity on the basis of
documents, data or information obtained from a reliable and independent source;

(b)
identifying, where there is a beneficial owner who is not the customer, the
beneficial owner and taking adequate measures, on a risk-sensitive basis, to verify
his identity so that the relevant person is satisfied that he knows who the beneficial
owner is, including, in the case of a legal person, trust or similar legal arrangement,

measures to understand the ownership and control structure of the person, trust or
arrangement; and

(c)
obtaining information on the purpose and intended nature of the business
relationship.

Regulation 6 – Meaning of beneficial owner

(1)
In the case of a body corporate, “beneficial owner” means any individual who—

(a)
as respects any body other than a company whose securities are listed on a
regulated market, ultimately owns or controls (whether through direct or
indirect ownership or control, including through bearer share holdings) more
than 25% of the shares or voting rights in the body; or

(b)
as respects any body corporate, otherwise exercises control over the
management of the body.

(2)
In the case of a partnership (other than a limited liability partnership), “beneficial
owner” means any individual who—

(a)
ultimately is entitled to or controls (whether the entitlement or control is
direct or indirect) more than a 25% share of the capital or profits of the
partnership or more than 25% of the voting rights in the partnership; or

(b)
otherwise exercises control over the management of the partnership.

(3)
In the case of a trust, “beneficial owner” means—

(a)
any individual who is entitled to a specified interest in at least 25% of the
capital of the trust property;

(b)
as respects any trust other than one which is set up or operates entirely for the
benefit of individuals falling within sub-paragraph (a), the class of persons in
whose main interest the trust is set up or operates;

(c)
any individual who has control over the trust.

(4) In paragraph (3)—

“specified interest” means a vested interest which is—

(a)
in possession or in remainder or reversion (or, in Scotland, in fee); and

(b)
defeasible or indefeasible;

“control” means a power (whether exercisable alone, jointly with another person or
with the consent of another person) under the trust instrument or by law to—

(a)
dispose of, advance, lend, invest, pay or apply trust property;

(b)
vary the trust;

(c)
add or remove a person as a beneficiary or to or from a class of beneficiaries;

(d)
appoint or remove trustees;

(e)
direct, withhold consent to or veto the exercise of a power such as is
mentioned in sub-paragraph (a), (b), (c) or (d).

(5)
For the purposes of paragraph (3)—

(a)
where an individual is the beneficial owner of a body corporate which is
entitled to a specified interest in the capital of the trust property or which has
control over the trust, the individual is to be regarded as entitled to the
interest or having control over the trust; and

(b)
an individual does not have control solely as a result of—

(i)
his consent being required in accordance with section 32(1)(c) of the
Trustee Act 1925 (power of advancement);

(ii)
any discretion delegated to him under section 34 of the Pensions Act
1995 (power of investment and delegation);

(iii) the power to give a direction conferred on him by section 19(2) of the
Trusts of Land and Appointment of Trustees Act 1996 (appointment
and retirement of trustee at instance of beneficiaries); or

(iv) the power exercisable collectively at common law to vary or extinguish
a trust where the beneficiaries under the trust are of full age and
capacity and (taken together) absolutely entitled to the property subject
to the trust (or, in Scotland, have a full and unqualified right to the fee).

(6)
In the case of a legal entity or legal arrangement which does not fall within
paragraph (1), (2) or (3), “beneficial owner” means—

(a)
where the individuals who benefit from the entity or arrangement have been
determined, any individual who benefits from at least 25% of the property of
the entity or arrangement;

(b)
where the individuals who benefit from the entity or arrangement have yet to
be determined, the class of persons in whose main interest the entity or
arrangement is set up or operates;

(c)
any individual who exercises control over at least 25% of the property of the
entity or arrangement.

(7)
For the purposes of paragraph (6), where an individual is the beneficial owner of a
body corporate which benefits from or exercises control over the property of the
entity or arrangement, the individual is to be regarded as benefiting from or
exercising control over the property of the entity or arrangement.

(8)
In the case of an estate of a deceased person in the course of administration,

“beneficial owner” means—

(a)
in England and Wales and Northern Ireland, the executor, original or by
representation, or administrator for the time being of a deceased person;

(b)
in Scotland, the executor for the purposes of the Executors (Scotland) Act
1900.

(9)
In any other case, “beneficial owner” means the individual who ultimately owns or
controls the customer or on whose behalf a transaction is being conducted.

(10) In this regulation—

“arrangement”, “entity” and “trust” means an arrangement, entity or trust which
administers and distributes funds;

“limited liability partnership” has the meaning given by the Limited Liability
Partnerships Act 2000.

Regulation 7 – Application of customer due diligence measures

(1)
Subject to regulations 9, 10, 12, 13, 14, 16(4) and 17, a relevant person must apply
customer due diligence measures when he—

(a)
establishes a business relationship;

(b)
carries out an occasional transaction;

(c)
suspects money laundering or terrorist financing;

(d)
doubts the veracity or adequacy of documents, data or information previously
obtained for the purposes of identification or verification.

(2)
Subject to regulation 16(4), a relevant person must also apply customer due
diligence measures at other appropriate times to existing customers on a risk-
sensitive basis.

(3)
A relevant person must—

(a)
determine the extent of customer due diligence measures on a risk-sensitive
basis depending on the type of customer, business relationship, product or
transaction; and

(b)
be able to demonstrate to his supervisory authority that the extent of the
measures is appropriate in view of the risks of money laundering and terrorist
financing.

(a)
a relevant person is required to apply customer due diligence measures in the
case of a trust, legal entity (other than a body corporate) or a legal

arrangement (other than a trust); and

(b)
the class of persons in whose main interest the trust, entity or arrangement is
set up or operates is identified as a beneficial owner,

(c)
the relevant person is not required to identify all the members of the class.

(5)
Paragraph (3)(b) does not apply to the National Savings Bank or the Director of
Savings.

Regulation 8 – Ongoing monitoring

(1)
A relevant person must conduct ongoing monitoring of a business relationship.

(2)
“Ongoing monitoring” of a business relationship means—

(a)
scrutiny of transactions undertaken throughout the course of the relationship
(including, where necessary, the source of funds) to ensure that the
transactions are consistent with the relevant person's knowledge of the
customer, his business and risk profile; and

(b)
keeping the documents, data or information obtained for the purpose of
applying customer due diligence measures up-to-date.

(3)
Regulation 7(3) applies to the duty to conduct ongoing monitoring under paragraph
(1) as it applies to customer due diligence measures.

Regulation 11 – Requirement to cease transactions etc.

(1)
Where, in relation to any customer, a relevant person is unable to apply customer
due diligence measures in accordance with the provisions of this Part, he—

(a)
must not carry out a transaction with or for the customer through a bank
account;

(b)
must not establish a business relationship or carry out an occasional
transaction with the customer;

(c)
must terminate any existing business relationship with the customer;

(d)
must consider whether he is required to make a disclosure by Part 7 of the
Proceeds of Crime Act 2002 or Part 3 of the Terrorism Act 2000.

Regulation 14 – Enhanced customer due diligence and ongoing monitoring

(1)
A relevant person must apply on a risk-sensitive basis enhanced customer due
diligence measures and enhanced ongoing monitoring—

(a)
in accordance with paragraphs (2) to (4);

(b)
in any other situation which by its nature can present a higher risk of money

laundering or terrorist financing.

(2)
Where the customer has not been physically present for identification purposes, a
relevant person must take specific and adequate measures to compensate for the
higher risk, for example, by applying one or more of the following measures—

(a)
ensuring that the customer's identity is established by additional documents,
data or information;

(b)
supplementary measures to verify or certify the documents supplied, or
requiring confirmatory certification by a credit or financial institution which
is subject to the money laundering directive;

(c)
ensuring that the first payment is carried out through an account opened in
the customer's name with a credit institution.

(3)
A credit institution (“the correspondent”) which has or proposes to have a
correspondent banking relationship with a respondent institution (“the respondent”)
from a non-EEA state must—

(a)
gather sufficient information about the respondent to understand fully the
nature of its business;

(b)
determine from publicly-available information the reputation of the
respondent and the quality of its supervision;

(c)
assess the respondent's anti-money laundering and anti-terrorist financing
controls;

(d)
obtain approval from senior management before establishing a new
correspondent banking relationship;

(e)
document the respective responsibilities of the respondent and correspondent;
and

(f)
be satisfied that, in respect of those of the respondent's customers who have
direct access to accounts of the correspondent, the respondent—

(i)
has verified the identity of, and conducts ongoing monitoring in respect
of, such customers; and

(ii)
is able to provide to the correspondent, upon request, the documents,
data or information obtained when applying customer due diligence
measures and ongoing monitoring.

(4) A relevant person who proposes to have a business relationship or carry out an
occasional transaction with a politically exposed person must—

(a)
have approval from senior management for establishing the business
relationship with that person;

(b)
take adequate measures to establish the source of wealth and source of funds
which are involved in the proposed business relationship or occasional
transaction; and

(c)
where the business relationship is entered into, conduct enhanced ongoing
monitoring of the relationship.

(5) In paragraph (4), “a politically exposed person” means a person who is—

(a)
an individual who is or has, at any time in the preceding year, been entrusted
with a prominent public function by—

(i)
a state other than the United Kingdom;

(ii)
a Community institution; or

(iii) an international body,

including a person who falls in any of the categories listed in paragraph 4(1)(a) of
Schedule 2;

(b)
an immediate family member of a person referred to in sub-paragraph (a),
including a person who falls in any of the categories listed in paragraph
4(1)(c) of Schedule 2; or

(c)
a known close associate of a person referred to in sub-paragraph (a),
including a person who falls in either of the categories listed in paragraph
4(1)(d) of Schedule 2.

(6) For the purpose of deciding whether a person is a known close associate of a
person referred to in paragraph (5)(a), a relevant person need only have regard to
information which is in his possession or is publicly known.

Regulation 19 – Record-keeping

(1) Subject to paragraph (4), a relevant person must keep the records specified in
paragraph (2) for at least the period specified in paragraph (3).

(2) The records are—

(a)
a copy of, or the references to, the evidence of the customer's identity
obtained pursuant to regulation 7, 8, 10, 14 or 16(4);

(b)
the supporting records (consisting of the original documents or copies) in
respect of a business relationship or occasional transaction which is the
subject of customer due diligence measures or ongoing monitoring.

(3) The period is five years beginning on—

(a)
in the case of the records specified in paragraph (2)(a), the date on which—

(i)
the occasional transaction is completed; or

(ii)
the business relationship ends; or

(b)
in the case of the records specified in paragraph (2)(b)—

(i)
where the records relate to a particular transaction, the date on which
the transaction is completed;

(ii)
for all other records, the date on which the business relationship ends.

Regulation 20 – Policies and procedures

(1)
A relevant person must establish and maintain appropriate and risk-sensitive
policies and procedures relating to—

(a)
customer due diligence measures and ongoing monitoring;

(b)
reporting;

(c)
record-keeping;

(d)
internal control;

(e)
risk assessment and management;

(f)
the monitoring and management of compliance with, and the internal
communication of, such policies and procedures,

in order to prevent activities related to money laundering and terrorist financing.

(2)
The policies and procedures referred to in paragraph (1) include policies and
procedures—

(a)
which provide for the identification and scrutiny of—

(i)
complex or unusually large transactions;

(ii)
unusual patterns of transactions which have no apparent economic or
visible lawful purpose; and

(iii) any other activity which the relevant person regards as particularly
likely by its nature to be related to money laundering or terrorist
financing;

(b)
which specify the taking of additional measures, where appropriate, to
prevent the use for money laundering or terrorist financing of products and
transactions which might favour anonymity;

(c)
to determine whether a customer is a politically exposed person;

(d)
under which—

(i)
an individual in the relevant person's organisation is a nominated
officer under Part 7 of the Proceeds of Crime Act 2002 and Part 3 of
the Terrorism Act 2000;

(ii)
anyone in the organisation to whom information or other matter comes
in the course of the business as a result of which he knows or suspects
or has reasonable grounds for knowing or suspecting that a person is
engaged in money laundering or terrorist financing is required to
comply with Part 7 of the Proceeds of Crime Act 2002 or, as the case
may be, Part 3 of the Terrorism Act 2000; and

(iii) where a disclosure is made to the nominated officer, he must consider it
in the light of any relevant information which is available to the
relevant person and determine whether it gives rise to knowledge or
suspicion or reasonable grounds for knowledge or suspicion that a
person is engaged in money laundering or terrorist financing.

(3)
Paragraph (2)(d) does not apply where the relevant person is an individual who
neither employs nor acts in association with any other person.

Regulation 36 - Interpretation

In this Part —

“designated authority” means:

(a)
the Authority;

(b)
the Commissioners; [and]

(c)
the OFT;

Regulation 42 – Power to impose civil penalties

(1)
A designated authority may impose a penalty of such amount as it considers
appropriate on a relevant person [(except an auction platform)] who fails to comply
with any requirement in regulation 7(1), (2) or (3), 8(1) or (3), 9(2), 10(1), 11(1),
14(1), 15(1) or (2), 16(1), (2), (3) or (4), 19(1), (4), (5) or (6), 20(1), (4) or (5), 21,
26, 27(4) or 33 or a direction made under regulation 18 and, for this purpose,
“appropriate” means effective, proportionate and dissuasive.

(2)
The designated authority must not impose a penalty on a person under paragraph
(1) [or (1A)] where there are reasonable grounds for it to be satisfied that the
person took all reasonable steps and exercised all due diligence to ensure that the
requirement would be complied with.

(3)
In deciding whether a person has failed to comply with a requirement of these
Regulations, the designated authority must consider whether he followed any
relevant guidance which was at the time—

(a)
issued by a supervisory authority or any other appropriate body;

(b)
approved by the Treasury; and

(c)
published in a manner approved by the Treasury as suitable in their opinion
to bring the guidance to the attention of persons likely to be affected by it.

(4)
In paragraph (3), an “appropriate body” means any body which regulates or is
representative of any trade, profession, business or employment carried on by the
[person].

(5)
Where the Commissioners decide to impose a penalty under this regulation, they
must give the person notice of—

(a)
their decision to impose the penalty and its amount;

(b)
the reasons for imposing the penalty;

(c)
the right to a review under regulation [43A]; and

(d)
the right to appeal under regulation [43].

(6)
Where the Authority, the OFT or DETI proposes to impose a penalty under this
regulation, it must give the person notice of—

(a)
its proposal to impose the penalty and the proposed amount;

(b)
the reasons for imposing the penalty; and

(c)
the right to make representations to it within a specified period (which may
not be less than 28 days).

(7)
The Authority, the OFT or DETI, as the case may be, must then decide, within a
reasonable period, whether to impose a penalty under this regulation and it must
give the person notice of—

(a)
its decision not to impose a penalty; or

(b)
the following matters—

(i)
its decision to impose a penalty and the amount;

(ii)
the reasons for its decision; and

(iii)
the right to appeal under regulation 44(1)(b).

(8)
A penalty imposed under this regulation is payable to the designated authority
which imposes it.


© regulatorwarnings.com

Regulator Warnings Logo