On December 13, 2021, NatWest was fined close to £264 million following its conviction for three offenses of failing to comply with the UK’s money-laundering regulations (the MLRs)1.
As the first criminal prosecution under the MLRs, the judge’s sentencing remarks provide new insights for regulated firms.
In this Sidley Update, we have set out the FCA’s rationale for why a criminal prosecution was pursued despite NatWest’s AML systems’ being “consistent with industry standards”; the possibility of individual prosecutions being pursued in the future; and the next steps for regulated firms to take.
Why did the FCA choose to pursue criminal prosecution?
On December 13, 2021, the FCA issued a response to the Treasury Committee’s queries on the FCA-NatWest case (the FCA Response) in which it explained that its decision to pursue a criminal prosecution was based on two key factors: (i) early evidence of “particularly egregious failures” and (ii) “compelling public interest factors.”
Failures in NatWest’s AML systems and procedures
Whilst NatWest’s “overall” ongoing monitoring systems were in fact “consistent with industry guidance”, the judge explained in her sentencing remarks that NatWest’s front-office systems neglected certain aspects of industry guidance that ultimately led to the failings in the case.
Regulated firms should consider the following points carefully and the extent to which they may be applicable to their own current customer-facing practices.
- Overreliance on relationship managers. NatWest’s customer-facing activity (i.e., the “first line of defense”) failed as it “did not address the need for staff to guard against overreliance being placed on relationship managers when considering suspicious activity on a customer account.” This risk was specifically highlighted in the FCA’s “Financial Crime Guide.”
- Failure to apply risk-based customer monitoring systems. NatWest’s automated monitoring system failed to differentiate high-risk customers and apply additional specific rules and scrutiny for such customers (e.g., providing differential risk markers for AML investigators). This failed to fulfil Joint Money Laundering Steering Group (JMLSG) guidance for firms to monitor customer transactions to ensure they are consist with the customer’s risk profile.
The FCA has made clear that AML enforcement has been a “strategic priority” for many years and will continue to be so. As such, it considered that there was a significant public interest in pursuing a criminal prosecution to ensure that UK banks comply with their obligations under the MLRs.
This sentiment was reflected in the imposition of a substantial fine of £265 million with the court explaining that it considered the need for “appropriate additional punishment and deterrence to the wider market as well as [NatWest] itself.” NatWest also received a confiscation order to forfeit £460,000 in fees and charges that were gained from the customer and an order to cover the FCA’s cost of proceedings, which amounted to almost £4.3 million.
The sentencing judge made clear that it is “incumbent” on important financial institutions to “justify their position by a scrupulous regard” for maintaining effective AML systems and ensuring that those who seek to launder money “are not allowed to flourish.”
Why were no individuals prosecuted, and will the FCA pursue this?
Under the MLRs, an individual can be charged as an ancillary to an offense by a regulated firm if the individual is an “officer” of the firm. However, in the FCA Response, the regulator noted that pursuing such a charge is particularly challenging: The individual would need to have an “officer” role in the company, and the prosecution would need to demonstrate that the individual had requisite knowledge of the failures or was personally negligent in bringing them about.
Notably, the FCA explained that it had carefully considered the role of individuals throughout the investigation. However, it ultimately found that there was insufficient evidence to establish liability on an individual level given the “distribution and allocation of system knowledge and responsibilities for AML functions.”
The FCA Response suggests that the likelihood of pursuing criminal prosecutions against individuals remains highly challenging. The facts of this case were particularly egregious (there were instances of millions of pounds in cash being delivered in black bin bags), and yet there was still insufficient evidence to support a criminal prosecution against any officer.
However, the Senior Managers & Certification Regime (SMCR) may provide the FCA with additional tools to pursue civil sanctions against individuals in the future (its application postdates the period of NatWest’s culpability). The regime was implemented to increase individual accountability in regulated firms and provides the possibility for the FCA to investigate individuals subject to the FCA Code of Conduct, although the FCA’s appetite for enforcement under the regime remains to be seen.
What are the next steps for regulated firms?
- Keep MLR compliance as a business priority. The FCA and the court’s ruling have made clear that financial institutions play a significant role in preventing money laundering. The sentencing judge stated that even if NatWest were “in no way complicit” in criminal activity, it was “functionally vital” to money laundering. The court made clear that from its perspective, “without [NatWest] and without [NatWest’s] failures — the money could not be effectively laundered.”
- Apply risk-based monitoring systems. As highlighted by the case, regulated firms should ensure that they apply risk-based monitoring systems that are able to differentiate high-risk customers and apply higher levels of scrutiny.
- Maintain ongoing risk assessments. A customer’s risk rating should be evaluated on an ongoing basis and in a meaningful manner. In this case, NatWest has repeatedly failed to identify that the customer was erroneously rated as ‘low’ or ‘medium’ risk for most of the relationship. Moreover, , investigations into any suspicious activity should consider a wide range of sources to prevent over-reliance on information from customer-facing channels (e.g., relationship managers).
- Evaluate AML systems regularly. As a whole, regulated firms should proactively review their AML policies and procedures on an ongoing basis and remain responsive to any changes that may be needed. This includes complying with all “relevant approved guidance” from the industry, such as the JMLSG’s guidance and the FCA’s “Financial Crime Guide.”
- Stay up to date with regulatory developments. As explained in our previous Sidley Update, there may be changes to the UK’s AML/CTF regulatory and supervisory regime in the horizon. The FCA’s actions and the UK government’s recent call for evidence and consultation on MLR 2017 demonstrate a key focus by the regulator and the government on combatting financial crime and reviewing enforcement measures in the future.
- Seek early professional advice. Early pre-emptive action and communication with professional advisers and authorities is important and were identified as key mitigating factors in the FCA’s sentencing. If a regulated firm identifies areas of concern or a potential risk of action by the FCA, it should seek advice at an early stage. Sidley can assist with assessing and advising on the appropriate steps it should take.
1The NatWest proceedings relate to offenses under the UK’s Money Laundering Regulations 2007 (MLR 2007). However, MLR 2007 has been superseded by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), which applied from June 2017. As with MLR 2007, MLR 2017 contains requirements relating to due diligence and ongoing monitoring, which are relevant for firms’ anti-money-laundering and counterterrorist financing (AML/CTF) policies and procedures.
Sidley Austin LLP provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship.
Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212.839.5300; One South Dearborn, Chicago, IL 60603, 312.853.7000; and 1501 K Street, N.W., Washington, D.C. 20005, 202.736.8000.