According to its website, the FCA levied fines totaling £567,765,219.95 in 2021. This is a huge increase from the £192 million levied in 2020. This includes the huge £264,772,619.95 fine imposed on NatWest by Southwark Crown Court for AML failures. Of this total, some £329 million was imposed in December alone. While we know that the FCA process for taking such action is long and protracted, and will therefore have started sometime before, the levying of these fines is a sure sign of the FCA’s more aggressive approach to enforcement.
Responsibility
The FCA has been at pains, not least in the Payment Services and E-Money sector, to stress the importance of management being personally responsible for the actions of the firm. Therefore, it will be interesting to see whether and to what extent the senior managers responsible for the decisions and/or lack of control that led to the fines being levied will be held personally accountable under the Senior Managers & Certification Regime (SM&CR). Given the apparent decision in the NatWest case to turn off AML alerts, this would seem a clear case where action under the regime would be called for.
It is the case that the actions leading to the NatWest prosecution took place between 2012 and 2016, and the SM&CR regime applied to banks only from March 2016, so there is limited crossover in terms of time, but the SM&CR regime does require an annual assessment of fitness and propriety by the firm.
Requirements
The relevant part of the Act requires the firm to:
“(a) consider whether there are any grounds on which a regulator could withdraw the approval under this section, and
(b) if the authorised person is of the opinion that there are such grounds, notify the regulator of those grounds.”
One would think that if a person with senior management responsibility had been responsible for decisions leading to an AML breach which resulted in a criminal prosecution, this should at least give the bank cause for consideration as to their continued fitness for such a role.
The FCA’s statement in their business plan for 2021/22 that they would be “more assertive” and willing to test the limits of its own powers along with the move of some decision making from the Regulatory Decisions Committee (RDC) to FCA senior managers (although this does not include the levying of fines). This is likely to mean that FCA regulatory action will be quicker and more common (and indeed it can be argued that by reducing the RDC’s workload it may mean that decisions on the application of fines and other disciplinary sanctions may be sped up).
What does this mean for payment firms?
Interestingly, the decision to begin civil and/or criminal proceedings lies with FCA senior management, and one imagines that the success in the NatWest case may mean that the FCA is likely to be more confident in taking such action in the future.
For payments and E-money firms, this has a number of potential impacts…
Firstly, as always, the perceived high risk of financial crime and money laundering is likely to further tighten banks’ risk appetites in offering and continuing to provide banking facilities to payment institutions, particularly those operating in cash. We have already seen banks seeking more evidence from firms that their AML processes are appropriately controlled as a requirement to continue to provide banking services.
Secondly, the FCA is itself focusing effort on governance and controls within the payments sector across the board, but with particular emphasis on AML and Financial Crime as well as Safeguarding and Financial Resilience. As many readers will have heard me say, the FCA’s approach is generally “if it’s not written down, it didn’t happen”, so having evidence of, and justification for, your actions as a Payment Services Directive or E-Money Directive individual becomes ever more important, as you may need to use it to satisfy both the FCA and your bankers.
Resolution
A suitable New Year’s resolution for payments firms would be to check your governance and controls to make sure that they would satisfy the regulator – which will generally mean having some sort of independent audit or review. Looking at the fines that have been levied and the FCA’s and banks’ increasingly aggressive approach, the cost of this is a worthwhile investment.
As has been said before, “if you think compliance is expensive – try non-compliance”.
