With recent AML breaches from high profile financial institutions on both sides of the Tasman, regulators are now being far more active in investigating AML compliance practices, targeting KYC obligations and putting strain on compliance teams.
In illion’s recent PEP & Sanctions webinar and blog, the increasing importance of being able to demonstrate a clear understanding of how your monitoring system works when regulators visit was highlighted by Neil Marshall, Partner Manager of UK-based FinScan.
In June 2020, the UK’s Financial Conduct Authority fined Commerzbank AG (London Branch) £37,805,400 for failing to put adequate anti-money laundering (AML) systems and controls in place between October 2012 and September 2017. Commerzbank London was aware of these weaknesses and failed to take reasonable and effective steps to fix them.
The FCA’s investigation identified failings in a number of areas, including Commerzbank London’s failure to:
- Conduct timely periodic due diligence on its clients, which resulted in a significant number of existing clients not being subject to timely know-your-customer (KYC) checks.
- Adequately identify and assess the risks associated with politically exposed persons (PEPs) or adhere strictly to the bank’s policy on verifying beneficial ownership of clients, including high-risk clients, from independent and reliable sources; and
- Have adequate policies and procedures in place when undertaking customer due diligence on clients. Commerzbank therefore breached Principle 3 of the FCA’s Principles for Businesses, which requires firms to have adequate risk management systems in place.
The need to have adequate risk management systems in place is a given. If you cannot explain your AML/CTF processes and procedures in detail (how does your match algorithm work, for instance?) then, in the eyes of a regulator you do not have an adequate process in place, which means you are not compliant.
Source: illion news