The UK Financial Conduct Authority has reached a settlement with Santander UK Plc, resolving an investigation into anti-money laundering oversight and management by the bank. Santander UK is the UK operating subsidiary of a multinational financial services group, with 1,312 branches in the UK employing more than 25,000 people during the relevant period, 2013 to October 2017.
The FCA’s investigation focused on Santander’s Retail and Business Banking Division (“Business Banking”), which serviced the accounts of small and medium sized businesses with an anticipated annual turnover of less than £250,000. A report issued by Santander’s internal audit department in December 2012 put the bank on notice that its anti-money laundering control framework was insufficient. In April 2013, the bank was further advised of gaps in its AML program through a report prepared by an external consultant. Thereafter, in September 2013, the FCA provided follow up after a review of Santander’s AML controls, in which were described significant weaknesses, including the failure to escalate certain issues, a high turnover of money laundering reporting officers, lack of investment in appropriate IT systems, and a lack of formal AML training strategy.
Whilst the FCA recognized Santander’s efforts between 2014 and 2016 to revise its policies and enhance its financial crimes systems and controls, and the significant resources invested in the improvements, the Authority’s investigation found that significant deficiencies continued to exist in the Business Banking division, impairing the bank’s ability to mitigate the money laundering risks associated with more than 560,000 customers in that division.
In its Final Notice, the FCA describes instances in which:
- Santander allowed high-risk customers to open and operate accounts despite not satisfying the bank’s own criteria for acceptable risk;
- The bank failed to conduct adequate customer due diligence even on high-risk customers such as money services businesses, and was unable even to identify the businesses as such;
- Local Business Managers miscategorized the risk level when onboarding customers, and did not undertake a qualitative assessment of the money laundering risks associated with those businesses;
- Some suspicious transactions and high-risk transaction monitoring alerts were not elevated appropriately, and others waited months to be considered by the Suspicious Activity Report unit;
- The lack of clear guidance and procedures on the treatment of money services businesses led to too few recommendations that accounts be closed, and;
Even when account closure was recommended by the bank’s suspicious activity inspector, the recommendation was not progressed.
The FCA concluded that by virtue of this conduct Santander violated Principle 3 of the FCA Handbook covering Systems and Controls, which requires the bank to take reasonable care to organize and control its affairs with adequate risk management systems and appropriate measures to identify, assess, monitor and manage money laundering risk.
In assessing the appropriate financial penalty, the FCA took into account aggravating factors such as earlier penalties imposed on Santander for AML failings, including £2 million in 2003 (Santander’s predecessor bank), £1.5 million in 2012, over £12 million in 2014, and more than £32 million in 2018. Additionally, the FCA published guidance on several occasions to help financial institutions establish good practices, handle high-risk customers appropriately, comply with AML regulations, and prevent financial crime. The FCA deemed as mitigating factors Santander’s efforts, in 2017, to restructure and enhance its financial crime systems and controls, as well as other measures such as ceasing to onboard Business Banking customers online or by telephone, and limiting the acceptance of high risk customers.
Because it agreed to settle the investigation with the FCA during its early stages, Santander received a 30% discount, reducing what otherwise would have been a £153,990,400 fine to £107,793,300.