FCA fines bank, compliance officer and internal auditor for providing misleading information to the FCA

ARROW review findings

Following an ARROW review in late 2010, the FSA (as it then was) raised concerns about the Bank's culture, internal audit function and lack of a compliance monitoring plan. In response to these concerns, the FSA issued a remediation plan, which required the Bank to take certain actions by prescribed deadlines to address the FSA's concerns.

FSA financial crime visit

Shortly after the ARROW review in early 2011, the FSA visited the Bank to assess its anti-money laundering (AML) systems and controls. During this visit, the FSA reviewed 15 client files, including some files belonging to clients who were politically exposed persons (PEPs) for the purposes of the Money Laundering Regulations 2007 (SI 2007/2157) (MLRs). This review of client files highlighted certain deficiencies in the Bank's customer due diligence (CDD) and monitoring processes. The FSA also found that there was no financial crime monitoring plan in place and recommended that one was implemented as a priority. The Bank confirmed that it would address the issues identified by the FSA relating to its AML systems and controls by an agreed deadline.

Appointment of a skilled person

Following its ARROW review and financial crime visit, the FSA required the Bank to appoint a skilled person, pursuant to section 166 of the Financial Services and Markets Act 2000 (FSMA), to review its AML systems and controls and to confirm whether the issues identified by the FSA had been addressed. In early 2012, the skilled person reported that the Bank had made some improvements to its AML systems and controls but set out a series of recommendations relating to areas that were still of concern. The skilled person also noted that the Bank was still in the process of remediating the client files that had been reviewed by the FSA during its financial crime visit.  

Remediation and communications with the FSA and FCA

The Bank failed to fully implement the actions set out in the FSA's remediation plan or the skilled persons report by the prescribed deadlines.

Throughout 2012, the Bank had a number of communications with the FSA about the remediation work it was undertaking. On several occasions, the Bank represented to the FSA that it had completed the actions set out in the remediation plan and the skilled persons report when, in fact, the Bank had not done so. In particular:

• The Bank informed the FSA that the actions set out in the remediation plan had been fully implemented when this was not the case.

•  The Bank provided assurances to the FSA that it had developed and implemented a compliance monitoring plan, despite this not having been completed in practice.
• The Bank told the FSA that it had fully remediated the 15 client files that had been reviewed and found to be inadequate during the FSA's financial crime visit in early 2011. During a subsequent visit by the FCA in 2013, the FCA found that the Bank had failed to remediate all of the 15 client files.

Following the FCA's visit to the Bank in 2013, the Bank engaged an external consultant to undertake and finalise the actions in the remediation plan and the skilled person report.

 The FCA also requested that the Bank undertook not to enter into any new client relationships with entities that were resident or incorporated in high-risk jurisdictions until all client files had been remediated so that they were compliant with regulatory standards. The Bank completed this remediation exercise in late 2013, following which the FCA discharged the undertaking.

Breach of Principle 11 by the Bank

Findings

Principle 11 of the FCA's Principles for Businesses (PRIN) is a very broad obligation and requires a firm to "deal with its regulators in an open and cooperative way" and also requires a firm to "disclose to the appropriate regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice".

Following the communications between the Bank and the FSA and FCA in 2012 and 2013, the FCA concluded that the Bank breached Principle 11 because:

•  The Bank failed to implement certain aspects of the remediation plan and then repeatedly provided inaccurate information to the FSA and FCA about the status of certain actions set out in the remediation plan.
• The Bank failed to disclose to the FSA and FCA that it had not remediated the deficient client files identified during the FSA's financial crime visit in 2012 within the agreed timeframe.

Financial penalty

The FCA imposed a financial penalty of GBP 2.1 million on the Bank for breaching Principle 11.

When calculating a financial penalty to impose on a firm, the FCA typically takes the amount of revenue generated by the firm in question from a particular product line or business area (DEPP 6.5A.2G(1)). However, in this case, the FCA concluded that the revenue generated by the Bank was not an appropriate indicator of the harm or potential harm of its breach of Principle 11. As a result, the FCA determined the level of financial penalty to be imposed on the Bank by taking into account those factors that were relevant to an assessment of the seriousness of the breach (DEPP 6.5A.2G(13)). This is a relatively rare approach for the FCA to take when calculating a financial penalty.

Restriction on the Bank taking on new clients from high-risk jurisdictions

In addition to imposing a financial penalty on the Bank, the FCA also imposed a restriction on the Bank using its powers under section 206A of FSMA. This is only the second time that the FCA has used its power under section 206A to impose a restriction on a firm in an enforcement context.

 The terms of this restriction mean that for a period of 126 days from the date of the final notice, the Bank may not acquire new clients that are resident or incorporated in high-risk jurisdictions in relation to its regulated activities. For this purpose, the FCA defined high-risk jurisdictions by reference to Transparency International's Corruption Perceptions Index, which captures the majority of the Bank's target client base.

When deciding whether to use its power under section 206A, the FCA is required to consider the full circumstances of a case and will only impose a restriction where it believes that such action will be a more effective and persuasive deterrent than the imposition of a financial penalty alone. In this case, the FCA was persuaded that it was appropriate to impose a restriction on the Bank pursuant to section 206A on the basis that:

• The Bank had failed to implement agreed remedial actions and had not been open and co-operative with the FSA and FCA about this.
• The Bank's misconduct appeared to be widespread across a number of individuals and business areas which, in turn, suggested that there was a poor compliance culture within the Bank.

Enforcement action against individuals

Findings

In addition to taking enforcement action against the Bank, the FCA also publicly censured and fined:

• Anthony Wills, a former compliance officer at the Bank who held the CF10 (Compliance Oversight) role; and
• Michael Allin, the internal auditor at the Bank who holds the CF28 (Systems and Controls) role, for their actions relating to the Bank's misleading communications with the FSA and FCA described in Remediation and communications with the FSA and FCA above.

Both Mr Wills and Mr Allin were found to have breached Statement of Principle 4 of the Statements of Principle and Code of Practice for Approved Persons (APER). This requires approved persons to "deal with the FCA, the PRA and other regulators in an open and cooperative way" and to "disclose appropriately any information of which the FCA or the PRA would reasonably expect notice". The basis for the FCA's findings was that both individuals had provided or arranged for misleading information to be provided to the FSA and FCA relating to the Bank's implementation of the action points set out in the remediation plan and the skilled persons report.

In coming to these findings, the FCA emphasised the key roles played by compliance and internal audit personnel within firms, both in relation to their communications with regulators and the oversight that they are expected to have over businesses.

In addition, in the final notice issued in respect of Mr Wills, the FCA appeared to be unsympathetic to his arguments that some of his communications with the FSA and FCA that turned out to be misleading were "influenced by comments made by senior management".

Sanctions

Mr Wills was fined GBP 19,600 and Mr Allin was fined GBP 9,900. Both of these financial penalties were calculated based on the individuals' remuneration at the time of the conduct in question.

In addition, Mr Wills received a 10% discount on his financial penalty on account of the fact that he had "approached the [FSA] to request an exit interview shortly before he left the Bank of Beirut", at which he "volunteered information to the [FSA]" that contributed to the FCA's findings relating to this matter.

Comment

In this case, the FCA's clear focus was on the way in which the Bank communicated its progress in relation to a significant remediation exercise to the FSA and FCA. This is a relatively rare approach for the FCA to take, as it typically prefers to focus on systems and controls failings or underlying breaches in enforcement action, or both, as opposed to how these issues are subsequently dealt with by firms. However, the FCA's findings in this case demonstrate the importance of firms being open and transparent with their regulators in relation to on-going projects relating to which the FCA requests or expects updates to be provided.

In situations where misleading information has been provided to the FCA, this case also highlights that the FCA will not stop by looking at the firm in question – it will also examine and, if appropriate, take enforcement action relating to the conduct of the firm's employees who it believes were involved in the provision of this misleading information.

In July 2014, the FCA and the PRA publicly stated that they were not in favour of following practices adopted by regulators in the United States in providing financial incentives to whistleblowers. Notwithstanding the regulators' position on this topic, it appears that Mr Wills received an additional discount on his financial penalty in the light of information that he provided directly to the FCA about this matter. What information Mr Wills provided is not detailed in any of the final notices published by the FCA. However, the fact that Mr Wills received an additional discount on his financial penalty in return for the information he provided to the FCA indicates that the FCA may still be willing to offer some kind of financial benefit to individuals who are subject to enforcement investigations and provide valuable information that assists the FCA with its broader enquiries.

Decisions

• FCA final notice issued to the Bank of Beirut (UK) Ltd (dated 4 March 2015).

• FCA final notice issued to Anthony Rendell Boyd Wills (dated 4 March 2015). 

• FCA final notice issued to Michael John Allin (dated 4 March 2015).

This article first appeared on Practical Law and is published with the permission of the publishers.