On 12 October 2022, the FCA (“the Authority”) issued a Decision Notice, whereby they imposed a civil penalty of £1,584,100 on Gatehouse Bank plc (“Gatehouse” or “the firm”) as the firm was identified as failing to comply with various requirements of the Money Laundering Regulations 2007 (“MLRs”).
Gatehouse, a Shariah-compliant bank was initially authorised by the FCA on 21 April 2008. Their services included those focusing on real-estate through its Shariah-compliant investments to investors in UK and US real estate. Additionally, the firm offered Shariah-compliant financing for real estate transactions as well as treasury and wealth management services. Gatehouse’s customers and investors primarily originated from jurisdictions that posed a higher money laundering risk and some were Politically Exposed Persons.
Between 9 June 2014 and 5 July 2017, Gatehouse failed to conduct sufficient Enhanced Due Diligence checks on its customers and their beneficial owners based in countries with a higher risk of money laundering and terrorist financing. It also failed to undertake the correct checks when some of the customers were classed as Politically Exposed Persons (PEPs).
In one instance, Gatehouse Bank had set up an account for a company based in Kuwait to aggregate that company’s customer funds. Gatehouse Bank did not require the company to collect information about its customers’ source of funds or wealth, which was required under Gatehouse’s anti-money laundering policies. As a result, over a two-year period, Gatehouse accepted US$62,000,000 into the account without properly vetting the funds for financial crime risks.
In terms of preventative controls, the FCA’s Decision Notice comments that “the compliance function was under-resourced. Also, although Gatehouse had adopted a three lines of defence model, this did not operate effectively, meaning that front line relationship managers did not appropriately screen customers, and an overburdened compliance function was left to remedy deficiencies in the quality of due diligence information collected”. This weakness had previously been highlighted by internal and external audit reviews.
Looking back, as of June 2013, the firm first became aware of various issues relating to their AML framework, when a consulting firm engaged by Gatehouse produced an internal audit report outlining issues relating to the due diligence conducted on its wealth management customers. Years later, in September of 2016, the firm produced another internal report, which resulted in an ‘inadequate’ rating of its AML practices and controls.
The importance of understanding the requirements of regulations
Given that there are still quite a few financial services entities receiving notices for non-compliance with the MLRs, it is evident that there is overall a lack of understanding of the MLRs requirements. The recurring theme seems to be around failings in conducting due diligence (both CDD and EDD), undertaking a business-wide risk assessment, appropriately risk assessing each customer and applying the relevant due diligence, continuously monitoring customers and their transactions (whereby the frequency of monitoring varies, depending on the risk level of the customer) or simply adopting a risk-based approach to the AML practices.
Gatehouse could have avoided receiving the FCA’s notice and subsequent fine if they had an adequate understanding of the MLRs. As outlined within the FCA’s decisions notice, the firm was offering a high-risk service, whereby they operated in the real estate market. Such high-risk involvement immediately excluded the firm from conducting Simplified Due Diligence, which meant that they would, without a doubt, be required to identify and verify their customers (including any UBOs or those in control of the corporate customer). The firm’s operations expanded to high-risk jurisdictions and included high-risk customers, as some were identified as PEPs. The firm therefore would be required to undertake EDD measures. The regulations call for the ongoing monitoring of customers (which includes the scrutiny of transactions and the continuous updating of customer documentation/information). With all of the above breaches, the firm also did not have in place sufficient resources within their compliance function to assist with rectifying the shortcomings (i.e., in instances where the front-line relationship managers failed to appropriately screen customers). Such failings meant that the firm had an ineffective 3-Lines of Defence model, as the overburdened Compliance team had to pick up the slack left by the front facing staff and remedy the deficiencies in the quality of the due diligence collected.
It is imperative that relevant firms understand and adopt the requirements of the regulations. This understanding and application will play a key role in ensuring that there is regulatory compliance while preventing/minimising any detriment to customers and other stakeholders, and subsequently help to prevent a firm from enforcement action and consequently, a negative impact on their reputation.
What firms should consider to stay on track
Firms should ensure there is sound understanding of the regulatory requirements, as well as the requirements of the FCA. This can include not only implementing robust controls and hiring the relevant persons in the AML department.
An external audit plays a crucial role in confirming that you have appropriate anti-money laundering and financial crime controls in place. Any recommendations should be seriously concerned by the firm, with the auditor providing a firm with a detailed action plan to help prioritise the changes / updates needed to the framework to ensure compliance
If you’d like to know more about how we can help you with your financial crime arrangements, or any other regulatory compliance issues, our specialist team is here to help.
Contact us today on 0207 436 0630 or email info@thistleinitiatives.co.uk.