FCA has fined Commerzbank AG London Branch nearly £38m for AML systems and controls failings spanning a 5 year period to September 2017. The bank benefited from a 30% discount for early settlement.
Many of the bank’s global customers use products and platforms managed through the London branch, which acted as a hub for sales, trading and due diligence processes for a significant number of global customers. The failings started in October 2012 and FCA raised specific concerns in 2012, 2015 and 2017 and was at the time also publishing guidance about its expectations on firms and taking enforcement action against a number of firms for AML failings. Additionally, the US regulators had taken action against the bank in 2015 for AML failings (which did not involve the London branch) Nevertheless, the failings in the bank continued.
The failings included:
- shortcomings in its financial crime controls applicable to introducers and distributors, specifically in the use of group introduction certificates;
- instances where identification and risk assessment of PEPs was inadequate;
- failure by certain business areas to comply with the London branch policies on verification of beneficial ownership;
- a lack of full process for terminating a client relationship because of financial crime concerns;
- failure to have a clear articulation of risk and issue owners;
- failure to conduct timely periodic due diligence on clients. Many clients were as a result overdue on updated checks, and of those many were able to continue dealing with the branch under an improperly controlled or overseen exceptions process – both senior branch management and Compliance lacked understanding and awareness of this process. FCA commented that by the end of 2016 this was “out of control”;
- failure to address long-standing weaknesses in its transaction monitoring tool – which, among other things, it noted that, in 2015 lacked 40 high-risk countries and over 1,000 high risk clients; and
- failure to have adequate CDD policies and procedures in place.
FCA commented that its expectations on financial crime prevention controls include expectations on branches of overseas firms. The failings meant the bank was open to being used for financial crime although there was no evidence that it was in fact occasioned or facilitated by the breaches.
Some of the failings were due to understaffing at key times – with the financial crime team in Compliance consisting of only 3 full time staff in 2016 (this was increased to 42 in 2018).
FCA found Commerzbank had conduced a significant remediation exercise to bring its controls into compliance, which were being tested by a skilled person, and has also looked back to identify suspicious transactions. The bank had also agreed a VREQ, which included temporarily stopping taking on high-risk customers, ceasing new business with existing high-risk customers who were overdue a review, and suspending all new trade finance business activities. The remediation period is now complete and the bank is requesting a lifting of the restrictions.