FCA fines Commerzbank London £37,805,400 over anti-money laundering failures

Commerzbank London was aware of these weaknesses and failed to take reasonable and effective steps to fix them, despite the FCA raising specific concerns about them in 2012, 2015 and 2017.

These weaknesses also persisted during a period when the FCA was publishing guidance on steps firms could take to reduce financial crime risks as well as taking enforcement action against a number of firms in relation to AML controls. Despite these clear warnings, the failures continued.

Firms operating in the UK, including branches of overseas firms, must take reasonable care to organise and control their affairs responsibly and effectively, and to establish and maintain an effective risk-based AML control framework.

Mark Steward, executive director of enforcement and market oversight at the FCA, said: “Commerzbank London’s failings over several years created a significant risk that financial and other crime might be undetected. Firms should recognise that AML controls are vitally important to the integrity of the UK’s financial system.”

Number of failings

The FCA’s investigation identified failings in a number of areas, including Commerzbank London’s failure to:

*Conduct timely periodic due diligence on its clients, which resulted in a significant number of existing clients not being subject to timely know-your-client checks. By 1 March 2017, 1,772 clients were overdue updated due diligence checks. A material number of these clients were able to continue to transact with the bank’s London branch due to the implementation of an exceptions process, which was not adequately controlled or overseen and which became 'out of control' by the end of 2016

*Address long-standing weaknesses in its automated tool for monitoring money laundering risk on transactions for clients. For example, in 2015 Commerzbank London identified that 40 high-risk countries were missing and also that 1,110 high-risk clients had not been added to the transaction monitoring tool

*To have adequate policies and procedures in place when undertaking customer due diligence on clients.

Commerzbank London breached Principle 3 of the FCA’s Principles for Businesses, which requires firms to have adequate risk management systems in place.

Remediation exercise

Commerzbank London has undertaken a significant remediation exercise to bring its AML controls into compliance. A Skilled Person has been testing the effectiveness of these enhancements, and their work is now complete.

It has also conducted an extensive look-back exercise to identify suspicious transactions during the period in question. Commerzbank London also voluntarily implemented a wide-ranging business restriction, which included temporarily stopping taking on new high-risk customers and suspending all new trade finance business activities.

Commerzbank London agreed to resolve the matter at an early stage of the investigation and, therefore, qualified for a 30% discount. Without the discount, the financial penalty would have been £54,007,800.

Commenting on the news, Nick Bayley (managing director and head of UK regulatory consulting at Duff & Phelps) told Security Matters: “This action by the FCA reinforces the level of work required by firms to meet their AML obligations. The UK regulator’s continued concern about firms’ money laundering control is a focus we see mirrored across all of the other major financial centres in the world. Regulatory penalties require a devotion of significant management time and financial resources over many years to remediate the issues raised. This ‘hidden cost’ is something that can often be forgotten when looking just at the fine amounts imposed by the regulator. It’s important that firms do not underestimate the level of work required to their meet AML regulatory obligations.”