AML enforcement: the FCA impose a significant fine on Commerzbank for AML failings

Commerzbank has been fined £37,805,400 for anti-money laundering failings by the Financial Conduct Authority (FCA), which yesterday published its Final Notice in relation to this matter.

The FCA noted a series of specific failures and breaches of Principle 3 (Management and Control) by Commerzbank. In particular, it found that:

• A significant backlog had developed, during 2012-2017, of clients that were overdue a KYC refresh. This was partly due to understaffing of the first and second lines of defence tasked with carrying out key AML controls:
  • Specifically, the compliance team was expanded from three full-time employees in mid-2016 to forty two full-time employees in mid-2018 after the need to increase staff in this area was acknowledged.
  • By February 2017, 2,226 existing clients were overdue refreshed KYC checks. Steps taken to reduce the backlog were taken too late and were effected too slowly.
• An exceptions process was misused in order to allow the bank to continue engaging with clients even though KYC checks were overdue.
  • One example was given of a high-risk client who was nearly 5 years overdue a KYC refresh, but who nevertheless entered into 16 transactions with the bank.
• Commerzbank’s automated tool for monitoring money laundering risk was not fit for purpose.
  • It was found that at one stage 40 high-risk countries and 1,100 high-risk clients were not included in the automated monitoring system.
• Certain business areas did not always adhere to the bank’s policy of verifying the beneficial ownership of clients, including high risk clients, from a reliable and independent source.

There were further failings of Commerzbank that were identified by the FCA, such as: (i) inadequate due diligence on intermediaries; (ii) inadequate checks on politically exposed persons; (iii) inadequacies in the procedure for terminating client relationships; and (iv) a lack of clarity around responsibility for AML. However, the key examples given above illustrate how important it is to address AML failings within an organisation promptly, in order to prevent serious issues from compounding and becoming unmanageable. The FCA visited Commerzbank in 2012, 2015 and 2017 to discuss its AML framework and identify weaknesses, but these were not adequately responded to and addressed.

Interestingly, the FCA was clear that there was no evidence of financial crime having been occasioned or facilitated by these failings, but the fine was imposed for the failure to maintain adequate policies and procedures. Firms subject to the Money Laundering Regulations are required to take reasonable care to organise their affairs responsibly and effectively, with adequate risk management systems. They must have policies and procedures in place that are comprehensive and proportionate to their business activities, to enable them to identify, assess, monitor and manage money laundering risk.

It is also important to note that another European bank has also today been fined 1.6m krona (approximately £140,000) for failures in its money-laundering and terrorist-financing controls. Despite the different scale of the monetary fines imposed in these two cases, it appears that AML enforcement remains an active and high priority area both in the UK and Europe. Firms would be well advised to ensure that high standards of AML compliance are maintained at all times, even in the difficult conditions presented by COVID-19 and the associated restrictions.