By Sophie Lalor-Harbord, Partner, Commercial Litigation, Stewarts and Joe Mitchell, Senior Associate, Commercial Litigation, Stewarts
In 2022, the Financial Conduct Authority (“FCA”) almost doubled the number of fines it issued in 2021. We are just over one month into 2023, and the FCA has already issued two anti-money laundering (“AML”) related enforcement actions. Clearly, banks and other firms are under pressure to ensure that in addition to initial account opening checks, they continually monitor their customers and check payments in and out of accounts. But at what cost to the customer?
The first AML-related fine of 2023 was issued against Guaranty Trust (UK) Bank for £7.6m. The FCA held that the bank had “failed to unAdertake adequate customer risk assessments, often not assessing or documenting the money laundering risks posed by its customers” and “failed to monitor customer transactions and business relationships to the required standard”.
In issuing the second fine, against Al Rayan Bank PLC for £4m, the FCA said the bank had “allowed money to pass through [it]… without carrying out appropriate checks” and had “failed to adequately check its customers’ source of wealth and source of funds when it was required to make sure the money was not connected to financial crime”.
It should be said that in both cases, the fines were issued for breaches that took place a few years ago. However, the FCA has made it clear that it intends to continue punishing those who do not take their AML responsibilities seriously. We expect the trend of large fines to continue.
As litigators, we are approached by more and more clients whose accounts have been blocked while their bank “investigates” a particular transaction for apparent AML reasons. Often such investigations take days or weeks. In the meantime, our clients’ businesses are significantly disrupted. The inability to make or receive payments not only puts a business at risk of breaching its contracts with customers or staff (the latter, in particular, where salaries are paid from the account) but also at reputational risk.
The FCA seemingly provides no guidance on how long is appropriate for a firm to spend investigating AML concerns, and banks understandably ensure their terms are broad on the subject. For example, HSBC’s standard customer terms state: “We can block any payment device (and your access to related services…) [where] we suspect fraud or criminal use of the payment device.”
NatWest’s terms similarly say: “We may suspend or restrict the use of your accounts, or certain services (such as your debit card or online banking) if…
In our experience, standard business terms are just as broad and opaque.
Compounding the problem is that the banks are not obliged to tell customers which transaction they are concerned about (this point is often made explicit in the terms). This leaves little opportunity for businesses to seek to speed up the AML checks by, for example, providing receipts or invoices to prove the legitimacy of a particular transaction.
It was recently reported in The Times that since August of last year, Barclays has been turning away applications for bank accounts from businesses as it struggles to find staff to complete AML checks. It is obvious banks are struggling to keep up with the checks required. The final notice issued against Santander in early December 2022 (one of the largest fines ever issued, amounting to £107.7m) provides some useful insights.
In finding that Santander had breached Principle 3 (the obligation to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems), the FCA held (among other failings):
While all these failings proved (for the FCA’s purposes) the bank’s inability to detect customers who were using their accounts for fraudulent means, equally, the failings let down those customers who are not committing fraud but are trapped in inefficient and chaotic AML processes.
Often the automated systems used by banks (which assess transactions against specified “rules”, a breach of which automatically triggers an alert) are not sophisticated enough to, for example, recognise that the same transaction was previously flagged and checked. This means checks being run are duplicated. This is particularly disruptive to businesses operating out of countries or in industries a bank has designated as high-risk. The automatic systems often also fail to allow flexibility where a particular customer’s anticipated turnover is high. For some customers, almost every transaction triggers an alert that needs to be investigated.
So, what can customers, particularly businesses operating in “high-risk” areas, do to avoid, reduce or, should it come to it, seek redress for unnecessary disruption to their day-to-day operations by their bank’s AML processes?
Sophie Lalor-Harbord – Sophie is a Partner at Stewarts and specialises in complex commercial litigation. Sophie advises clients in handling corporate crises, including advising on reputation management strategies. Sophie has experience across a wide range of high value commercial disputes with significant expertise in fraud claims including those involving asset tracing and freezing injunctions.
Joe Mitchell – Joe is a Senior Associate in the Commercial Litigation team at Stewarts. He specialises in high-value, complex commercial disputes, often involving international elements. He acted on two of The Lawyer’s top 20 cases of 2020, including the first fully virtual trial in the Commercial Court.