Why AML compliance counts

Why is AML important? Well, it’s not because you might get a whopping fine for non-compliance (well, not all about that anyway). Here's a cautionary tale featuring Fowler Oldfield and why AML compliance counts.

AML hits the headlines

One story has dominated the anti-money laundering (AML) headlines in recent months and that’s Natwest and the story of its relationship with Bradford-based jeweller Fowler Oldfield. 

The bank was fined £265 million after admitting breaching anti-money laundering regulations. Fowler Oldfield had deposited around £365 million over a five-year-period, and some of this was in cash that had been left at the bank in bin bags. 

The Financial Conduct Authority (FCA) published a 100+ page statement detailing the failures in Natwest. However, the document also shows there was an awful lot the bank got right in terms of its approach to anti-money laundering controls. 

The FCA recently found weaknesses in HSBC’s transaction monitoring systems too. It fined the bank to the tune of nearly £64 million for failing to test and update thresholds and for failing to identify suspicious activity.

It’s easy to think that with the right processes in place these sorts of mistakes can’t happen but this misses some of the crucial points, which we'll take a look at now.  

Fowler Oldfield - what happened?

Fowler Oldfield have been active in sales of precious metals for more than a century and were onboarded to Natwest five years ago. 

At the start, it was clear the client was seen as being from a high-risk industry. When Natwest’s relationship manager stressed that cash management would not figure in the relationship, the client was approved. It was also suggested that the profile should be reviewed in six months. 

However, the day after the account was opened, Fowler Oldfield was registered on the bank’s back office system for a quick deposit. This is a product allowing customers to deposit cash into their accounts via an automated drop box and without necessarily engaging with a Natwest branch or employee. An administrative oversight meant this was enabled from the start, despite the client being onboarded as a high-risk, non-cash customer.

Good practice

Despite the crucial oversights with regards Fowler Oldfield’s setup, there was a lot of AML good practice in Natwest. Indeed, it seems the bank had effective controls in place that simply weren't properly or fully operated by staff. 

Natwest had systems in place to deliver more stringent limits and to trigger transaction monitoring alerts but there were major issues with the execution of these controls. 

From the earliest days of the relationship, it was clear the bank had in place detailed policy and procedural requirements. However, this turned out to be more theory than practice in the case of Fowler Oldfield. 

Ongoing risk monitoring and periodic reviews

As Fowler Oldfield was rated high-risk, the bank's periodic review policy dictated that it should have automatically been subject to another review in November 2012, 6 months after onboarding. But this review did not take place. When alerts were raised about cash volumes being transacted in the account, the relationship manager deemed them in line with expectations. 

In 2016, a transaction monitoring manager separately identified the mislabelling of cash entering through the direct cash product as cheque deposits. The problem was the machine couldn't see excessive cash throughput, it could see excessive cheque throughput. 

During 2015, Natwest added new rules that would have alerted the cash check staff to suspicious activity, but many of these rules were deactivated a few months later. The reason for this being that the system was generating too many alerts to handle. 

All the bank’s policies and controls were there, but they weren’t used, were misapplied, or just weren’t workable in the case of Fowler Oldfield. And the company was therefore able to launder its money through the high street bank.

Natwest was trying to become more responsive to the kinds of money-laundering risks observed across the financial services industry, but with no regular reviews or update of risk settings, no business or technology documentation, and not enough engagement from the business with alerts, everything basically went very wrong. 

Perpetual KYC 

In HSBC’s case, one customer set up an account and received five identical payments of nearly £10,000 on a single day, but the bank failed to spot anything suspicious. The customer was arrested for cigarette smuggling a few months later.

As the Natwest and HSBC stories demonstrate, attention to detail in AML and ongoing risk management is everything. KYC checks must take place regularly and monitoring should be an ongoing process. KYC should be constantly reviewed and remediated to mitigate the risk of money laundering.

Any regulated financial services company is responsible for maintaining Know Your Customer [KYC] or Know Your Business [KYB] information and for performing due diligence. This is a requirement that applies through the customer lifecycle, not just at onboarding. KYC should be approached as an ongoing process - one that is alive - otherwise known as perpetual KYC. 

Perpetual KYC and ongoing risk monitoring can be automated too. Due diligence checks can be automatically set to rerun to review the risk status of an account or profile. And real-time risk monitoring can be used to flag any changes in risk status. There will sometimes be ‘false positives’ when it comes to AML, these are what cause too many alerts, but with digital workflows and access to quality data providers, these can be managed and minimised.

And why is AML compliance important?

Going back to the beginning and our original question - why is AML important? Well, it’s not because it helps you avoid fines. 

Here’s a little snapshot of the kinds of things ‘dirty money’ perpetuates and why it's important to tackle money-laundering: 

  • Drugs trading: From the Office for National Statistics we learn that “...in 2020, 4,561 deaths related to drug poisoning were registered in England and Wales; this is 3.8% higher than the number of deaths registered in 2019.”

  • Fraud: The National Crime Agency tells us “...fraud losses to the UK are around £190 billion every year, with the private sector hit hardest losing around £140 billion. The public sector may be losing more than £40 billion and individuals around £7 billion.”

AML is important because organised crime, and its proceeds are seriously dangerous to individuals and excessively costly to businesses and society more widely. Therefore, banks having controls and exercising them effectively on an ongoing basis is important to us all.

Get in touch

PassFort’s RegTech solutions automate anti-financial crime and compliance processes. They allow regulated businesses to rapidly onboard new customers, while preventing bad ones gaining access to products or highlighting when there is a change to risk status that could indicate money laundering is going on. 

Regulated firms can manage risk and compliance at onboarding, and maintain these standards throughout the customer lifecycle. It helps take a risk policy from theory into practice. 

The weight of risk management activity can fall on the PassFort risk engine instead of on compliance staff, so they are able to focus time on analysis, judgement and decision-making.

If you’d like to discuss your approach to KYC, perpetual KYC and anti-money laundering, please get in touch - we’d love to hear from you.