Overview
The UK Financial Conduct Authority (FCA) has fined Commerzbank AG’s London branch (Commerzbank London) £37.8 million for failing to institute adequate anti-money laundering (AML) controls from 2012 to 2017 in violation of Principle 3 of the FCA’s Principles for Businesses.
Mark Steward, the FCA’s Executive Director of Enforcement and Market Oversight stated that “Commerzbank London’s failings over several years created a significant risk that financial and other crime might be undetected,” although the FCA did not identify any evidence of financial crime having been caused or facilitated by Commerzbank London’s AML control failings.
Financial institutions operating in the United Kingdom, such as Commerzbank London, are responsible for minimizing their risk of being used for criminal purposes, including the risk of being used to facilitate money laundering or terrorist financing. UK firms are required to mitigate this risk by organizing and controlling their affairs responsibly and effectively, establishing and maintaining an effective, risk-based AML control framework and complying with the applicable Money Laundering Regulations.
The FCA’s 17 June Final Notice said the following deficiencies in Commerzbank London’s AML control systems rendered the bank “unable to adequately identify, assess, monitor or manage its money laundering risks”:
- Commerzbank London failed to adequately identify and assess the risks associated with politically exposed persons or adhere strictly to the bank’s policy on verifying beneficial ownership of clients, including high-risk clients, from independent and reliable sources;
- the bank did not develop a written process or criteria for ending relationships with existing clients that pose too great a risk of financial crime;
- the bank’s financial crime controls regarding introducers and distributors fell short of the UK’s AML standards;
- Commerzbank London severely understaffed the internal roles responsible for timely refreshing know-your-client (KYC) checks on existing customers, which by February 2017 resulted in 2,226 existing clients being overdue for a KYC refresher;
- Commerzbank London’s senior management and compliance personnel lacked understanding or adequate awareness of an exceptions process that allowed existing clients to continue to transact with the bank despite lacking timely refresher KYC checks, leading to one high-risk client – who was almost five years overdue for a KYC refresh – entering into 16 transactions with Commerzbank London that resulted in nearly £275,000 in revenue for the bank;
- internal responsibility for specific risks and issues was not clearly articulated or understood by Commerzbank London employees or committees; and
- the bank’s automated tool for monitoring money laundering risks in client transactions was “not fit for purpose” because it was missing information about 40 high-risk countries and 1,110 high-risk clients.