While the FCA can use their regulatory and criminal powers against firms, this is the FCA’s first ever criminal prosecution under the MLRs against a bank. Although criminal prosecutions will be ‘exceptional’, the Natwest case is a significant development, as it signals that the UK is not a ‘white elephant’ and that the FCA will make use of their full powers in relation to MLR breaches. This is something that Mark Steward, Director of Enforcement has pledged to do. The prosecution also supports the concept of ‘credible deterrence’ which is central to the FCA’s enforcement work.
The NatWest case arises from the handling of funds deposited into accounts operated by a customer of NatWest bank. The FCA alleges that approximately £365 million was paid into the customer’s accounts, of which around £264 million was in cash. This took place in the five-year period between November 2011 and October 2016.
The FCA alleges that NatWest failed to adhere to the requirements of regulations 8(1), 8(3) and 14(1) within the MLRs. These regulations relate to ongoing monitoring of business relationships, which should be applied on a risk-sensitive basis. They include the requirement to scrutinise transactions undertaken throughout the course of the relationship to ensure they are consistent with the FI’s knowledge of the customer, the customer’s business and risk profile and keeping the documents, data or information obtained for the purpose of applying customer due diligence (CDD) measures up to date. This case highlights the importance for FIs to demonstrate and be able to evidence they have robust controls in place to ensure the ongoing monitoring of business relationships with their customers.
Where FIs cannot demonstrate they have a sufficient and up to date understanding of their customers and any potential financial crime risk they pose to the firm, KYC remediation programmes should be undertaken. The customer you have today, may not be the customer you thought they were when you onboarded them.
KYC remediation can be a daunting task, but it does not have to be. With the right people, preparation and mindset, a successful remediation programme will not only reduce business risk, but it will also create an opportunity for FIs to better understand their customers and how to best serve them.
EFI has conducted several successful KYC remediation programmes for a wide range of clients and has created a handbook to share best practices learned. This handbook details the pillars of a successful programme and highlights the key questions FIs should be asking themselves to assess their readiness.
Pillars to success:
- Exceptional people
- Honest appraisal and risk-focused conversations
- Strong governance
- Meaningful data
- The right mindset