UK Financial Conduct Authority Fines Commerzbank’s London Branch £37.8 Million for Anti-Money Laundering Control Failings

The UK Financial Conduct Authority (FCA) has fined Commerzbank AG’s London branch (Commerzbank London) £37.8 million for failing to institute adequate anti-money laundering (AML) controls from 2012 to 2017 in violation of Principle 3 of the FCA’s Principles for Businesses. Mark Steward, the FCA’s Executive Director of Enforcement and Market Oversight stated that “Commerzbank London’s failings over several years created a significant risk that financial and other crime might be undetected,” although the FCA did not identify any evidence of financial crime having been caused or facilitated by Commerzbank London’s AML control failings. Financial institutions operating in the United Kingdom, such as Commerzbank London, are responsible for minimizing their risk of being used for criminal purposes, including the risk of being used to facilitate money laundering or terrorist financing.  UK firms are required to mitigate this risk by organizing and controlling their affairs responsibly and effectively, establishing and maintaining an effective, risk-based AML control framework and complying with the applicable Money Laundering Regulations. The FCA’s 17 June Final Notice said the following deficiencies in Commerzbank London’s AML control systems rendered the bank “unable to adequately identify, assess, monitor or manage its money laundering risks”:

• Commerzbank London failed to adequately identify and assess the risks associated with politically exposed persons or adhere strictly to the bank’s policy on verifying beneficial ownership of clients, including high-risk clients, from independent and reliable sources;
• the bank did not develop a written process or criteria for ending relationships with existing clients that pose too great a risk of financial crime;
• the bank’s financial crime controls regarding introducers and distributors fell short of the UK’s AML standards;
• Commerzbank London severely understaffed the internal roles responsible for timely refreshing know-your-client (KYC) checks on existing customers, which by February 2017 resulted in 2,226 existing clients being overdue for a KYC refresher;
• Commerzbank London’s senior management and compliance personnel lacked understanding or adequate awareness of an exceptions process that allowed existing clients to continue to transact with the bank despite lacking timely refresher KYC checks, leading to one high-risk client – who was almost five years overdue for a KYC refresh – entering into 16 transactions with Commerzbank London that resulted in nearly £275,000 in revenue for the bank;
• internal responsibility for specific risks and issues was not clearly articulated or understood by Commerzbank London employees or committees; and
• the bank’s automated tool for monitoring money laundering risks in client transactions was “not fit for purpose” because it was missing information about 40 high-risk countries and 1,110 high-risk clients.

The FCA’s 17 June Final Notice characterized Commerzbank London’s failings as “particularly serious” because they occurred following three separate warnings from the FCA regarding weaknesses in Commerzbank London’s AML control framework.  They also occurred against the backdrop of heightened awareness within Commerzbank of weaknesses in its global financial crime controls following action taken by US regulators in 2015. Commerzbank London has undertaken a significant remediation exercise to address the deficiencies in its AML controls, including submitting the effectiveness of its enhanced AML controls to testing by a Skilled Person. Commerzbank London’s fine is one of the largest fines ever imposed by the FCA for AML control failures, notwithstanding the fact that Commerzbank London received a 30 percent fine reduction to reflect its cooperation with the FCA’s investigation and agreement to resolve the matter early.  The full fine would have been £54 million. The FCA’s action against Commerzbank London emphasizes the FCA’s continued focus on firms’ AML controls following its imposition of a £102 million fine on Standard Chartered Bank in 2019.  It also underlines the importance of firms adequately assessing and mitigating their money laundering risks and not underestimating the level of work that is required to meet their AML obligations.