You can’t stint on due diligence

While American bankers enjoyed Thanksgiving in late November, Barclays was hit with a £72,069,400 ($108,453,630) penalty, the largest every imposed by the U.K.’s Financial Conduct Authority (FCA) or its predecessor in a financial crimes-related enforcement proceeding.

The reason for the fine? According to the FCA’s report, Barclays  went to "unacceptable lengths to accommodate the clients.”  [Read “FCA fines Barclays £72 million for poor handling of financial crime risks,” FCA’s press release.]

FCA’s decision is instructive for banks and their advisors, even those only doing business in the U.S. The case makes important points about the level of due diligence required on customers and transactions, as well as the role of senior management in mitigating risk. Financial regulators on both sides of the Atlantic have been giving these matters considerable attention.

Details of FCA’s Barclays case

The fine has two elements:  £52.3 million in disgorgement of the revenue Barclays generated from the transaction and a penalty of £19,769,400. FCA notes that had Barclays not agreed to settle at an early state of the investigation, the fine would have been £80,542,000. FCA concluded by stating that it “makes no finding that financial crime was involved or facilitated by Barclays,” and that the “FCA makes no criticisms of the clients.”

In 2011 and 2012, Barclays arranged a £1.88 billion transaction for several “ultra-high net worth clients” who were also “politically exposed persons” (PEPs).  While FCA release does not identify the nationality of the clients, the Financial Times states that the clients behind the “biggest single deal Barclays has executed for wealthy individuals” were Qatari.

Barclays apparently went to great length to keep the transaction confidential, even, according to the Financial Times, agreeing to pay the customers £37.7 million if the transaction were revealed.

The transaction, according to FCA, involved “investments in notes backed by underlying warrants and third party bonds. It was the largest of its kind that Barclays had executed for individuals.”

As noted above, FCA states that it “makes no finding that the Transaction, in fact, involved financial crime.” As the basis for the fine is overwhelmingly disgorgement (£52 million: £20 million), it is apparent that the transaction was both legitimate and profitable. In other words, Barclays called it right with regard to the business risk involved in the transaction.

Where Barclays got in wrong, according to the FCA, was the bank’s failure to apply appropriate due diligence and financial crimes oversight to the business relationship—to both the clients and to the transaction—to make certain that the sources of the invested funds were legitimate and that the transaction was not being used for financial crime purposes.

In other words, the bank neither performed adequate due diligence on its customers nor properly assessed or monitored the financial crime risk associated with the transaction.

Guidance from FCA’s decision

What can other banks take from this case?

1. Regulatory risk is separate from business risk.

a. The failure to reflect this in a bank’s intake and operations procedures will result in serious consequences to a bank. There is no, “No Harm, No Foul” rule.

b. Regulatory risk rules apply equally and separately to the bank’s clients and to its transactions, regardless of the business risk (or lack thereof) in the underlying transaction.

2. Regulatory due diligence conducted on

a. Participants to a transaction must be proportional to the risk presented by each customer:

i. The involvement of PEPs in a transaction automatically requires a higher level of due diligence; and,

ii. Following a less rigorous due diligence procedure than would be required for a transaction having a lower risk profile (one without the presence of PEPs, certain (unstated by FCA) transactional features, etc.) will be seen as an almost automatic regulatory violation.

b. A bank’s transactions must:

i. Establish the purpose and nature of each transaction;

ii. Corroborate the clients’ (a) source of wealth and (b) source of funds for the transaction; and,

iii. Monitor each transaction on an ongoing basis to mitigate potential abuse of the transaction as it takes place.

3. Senior management must have, and be seen to have, an active role in overseeing the bank’s financial crime risk management, regardless of a perceived lack of business risk in the underlying transaction.

4. The conduct of a bank’s due diligence must be documented in the bank’s records.

FAC’s Barclays decision emphasizes that financial institution regulators in the U.S. and the U.K., if not coordinating their decisions, are at least reading and agreeing with each other’s statements. That guidance, most importantly, starts with senior management responsibility for anti-money-laundering responsibility.

About the author

D. E. “Ed” Wilson, Jr. is a partner in Venable LLP’s Washington, D.C., office. He previously served as Deputy and Acting General Counsel in the U.S. Treasury Department. He can be reached at [email protected] or at 202.344.4819