FCA has fined Sonali Bank £3,250,600 and restricted it from accepting deposits from new customers for 168 days, and also fined the bank’s former MLRO £17,900 and banned him from performing the MLRO or compliance oversight functions. FCA found the bank had serious and systemic weaknesses at almost every level of its AML control and governance structure for four years. It did not properly carry out CDD, identify PEPs and treat them appropriately, nor properly carry out transaction and customer monitoring, nor make SARs. FCA found the bank breached Principle 3 and, to make matters worse, it then breached Principle 11 while FCA was investigating it when it did not notify FCA of an allegation of significant fraud. The firm had also previously had clear warnings about the weaknesses. Steven Smith, the MLRO, had also had repeated warnings from internal audit, but had failed to put in place monitoring arrangements and had not identified weaknesses in internal controls and lack of appropriate staff knowledge. Moreover he had not properly reported auditors’ concerns, and had both reassured senior management controls were working well when they weren’t and failed to stress the need for more MLRO resource. FCA felt Mr Smith showed a serious lack of competence and capability and did not take potential steps that he could have done, although he was undersupported and overworked. This is not the first time FCA has stopped banks taking on new business for a while, nor the first time it has taken action against MLROs, but the severity of this punishment is testament to the repeated warnings FCA has given the banking sector, exacerbated by the particular facts of this case and the many failings that went on for extended periods. The bank’s business model meant that much of its activity should have been categorised as high-risk, the board should have recognised this and its policies and procedures should have reflected it.