Tech and Crime Series: Has the FCA bitten off more than it can chew with its NatWest Prosecution?

  6 1 comment

Tech and Crime Series: Has the FCA bitten off more than it can chew with its NatWest Prosecution?

Contributed

This content is contributed or sourced from third parties but has been subject to Finextra editorial review.

News broke on Tuesday 16 March 2021 that the Financial Conduct Authority (the “FCA”) has started criminal proceedings against NatWest Bank (“NatWest”) for alleged offences relating to the adequacy of procedures in place to prevent money laundering.   

These proceedings are in respect of offences under the Money Laundering Regulations 2007 (the “2007 Regulations”).  It is alleged that between 11 November 2011 and 19 October 2016 NatWest failed to adhere to the requirements of regulations 8(1), 8(3) and 14(1) of the 2007 Regulations.

In essence, these regulations require institutions to determine, conduct, and demonstrate risk-sensitive due diligence and ongoing monitoring of its relationships for the purposes of preventing money laundering.  Under regulation 45 of the 2007 Regulations, a failure to comply with the requirement in earlier regulations can result in criminal liability. 

The fact that the FCA has chosen to bring proceedings under these regulations, rather than the specific anti-money laundering legislation under the Proceeds of Crime Act 2002, suggest that the FCA has identified alleged regulatory oversights rather than an active involvement in money laundering.  Albeit regulatory oversights that potentially invoke criminal liability.

Despite the age of the regulations, this is the first time that the FCA has initiated a criminal prosecution under the 2007 Regulations, and the first prosecution under the 2007 Regulations of a bank. Two points of interest arise, primarily the fact that this is the first FCA prosecution under the 2007 Regulations, and secondarily, the fact that the prosecution is aimed solely at the corporate.

Of course, the 2007 Regulations have since been superseded, initially by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and then most recently by new rules to being in line with the Fifth Anti Money Laundering Directive. However, the fact that the prosecution is being bought under the 2007 Regulations, is not unusual and reflects the fact that the allegations span the period when these regulations were in place.

Indeed, the more recent money laundering regulations came into force on 26 June 2017, well outside the period of alleged criminality in this case. Had the allegations spanned a period overlapping both regulations then this would have been a more interesting scenario. It would have involved a more careful consideration into the appropriate regulation to prosecute under. Given the fact that the prosecution is being brought solely in relation to a timeframe ending in October 2016 there was no need for such a consideration, or rather there may have been a decision to only focus on a specific timeframe.

More interesting is the fact that this is the first criminal prosecution under the 2017 Regulations by the FCA, and the first prosecution against a bank. One must really question the practical criminal applicability of regulations to the FCA which have only been used in a criminal context once, despite being in place for 10 years. Time will tell whether other cases come out of the woodwork.

Of course, lack of FCA prosecutions might be due to exceptional compliance standards. However, one only has to look at the annually published list of reported final notices on the FCA’s website, including for breaches of anti-money laundering offences, and indeed more widely to the HSBC case below, to understand that this is not the case.

It more likely reflects the difficulty in establishing criminal responsibility to the required standard against both individuals and corporations under these regulations. This therefore might be a case of the FCA demonstrating that it can bear its teeth and initiate criminal proceedings where appropriate. The fact still remains that in the majority of circumstance we have witnessed so far, the FCA has relied on regulatory proceedings.

Finally, it is interesting that the corporate has been charged rather than any individuals i.e. employees at the bank. As was established in the recent attempted prosecution of Barclays Bank, in that case by the Serious Fraud Office and for fraud offences, asserting criminal liability against a corporate can be far from straightforward. The FCA may have an uphill battle on its hands. Indeed, it is arguably easier to pin criminal liability on individuals rather than a corporate. However, the FCA has determined that it can go for the corporate but it may lead one to wonder whether they have bitten off more than they can chew.

In relation to potential outcome, readers will no doubt be aware that in December 2012 HSBC admitted to anti-money laundering and sanctions violations. They paid a hefty $1.256 billion settlement to the Department of Justice in a deferred prosecution agreement. This was in relation to conduct which included “HSBC’s blatant failure to implement proper anti-money laundering controls facilitated the laundering of at least $881 million in drug proceeds through the U.S. financial system”’.

However, this possibility is not applicable in relation to criminal proceedings initiated by the FCA. Section 27, Part 2 (Offences in relation to which a DPA may be entered into) Schedule 17 to the Crime and Courts Act 2013 (the “2013 Act”) enables a Deferred Prosecution Agreement to be entered into in relation to an offence under regulation 45 of the Money Laundering Regulations 2007. However, Section 1 of the 2013 Act only permits a DPA as an agreement with a designated prosecutor, which according to Section 3(1) of the 2013 Act are the Director of Public Prosecutions and the Director of the Serious Fraud Office. 

It is going to be an interesting case to follow, especially the FCA’s decision to go for the corporate and whether the regulator really has bitten off more than it can chew?  It might be said that there is a little bit of muscle flexing here in order to prove the point that no entity is too big to be pursued by the FCA.  Time will tell, but I for one will be watching closely.

Channels

Comments: (1)

Marite Ferrero

Marite Ferrero Director at Lumiere LTD

"FCA has determined that it can go for the corporate but it may lead one to wonder whether they have bitten off more than they can chew."

I quite agree with how FCA has handled these cases. Responsibility to comply is with the Bank (Corporate). What this means is that they (Corporates/Banks) need to provide systems, processes and controls to ensure that the company and its employees comply and have adequate checks against AML.

More details about Natwest case is published by FCA: 

"The case arises from the handling of funds deposited into accounts operated by a UK incorporated customer of NatWest. The FCA alleges that increasingly large cash deposits were made into the customer’s accounts. It is alleged that around £365 million was paid into the customer’s accounts, of which around £264 million was in cash.

It is alleged that NatWest's systems and controls failed to adequately monitor and scrutinise this activity."

https://www.fca.org.uk/news/press-releases/fca-starts-criminal-proceedings-against-natwest-plc

A bit mind-boggling to guess the velocity/frequency by which this £264 million in cash was deposited within 5 years (2011 - 2016). Even if it was spread out within 60 months, that's a deposit of £4.4 million in cash each month. This was from a UK incorporated customer. What would be interesting to know about this case is what kind of trading is this Natwest's UK incorporated customer doing?

/crime Long Reads

Níamh Curran

Níamh Curran Senior Reporter at Finextra

6 social media scams to look out for

/crime

Níamh Curran

Níamh Curran Senior Reporter at Finextra

What you need to know about APP reimbursement

/crime

Níamh Curran

Níamh Curran Senior Reporter at Finextra

Deepfakes: The role banks play in fraud education

/crime

Hamish Monk

Hamish Monk Senior Reporter at Finextra

How to prevent a cyber-attack

/crime

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.