UK FCA AML fines 2002 – 2015: Common and Recurring Themes: The 40-point checklist

Special contributor report

By Anu Ratan, Senior Global FCC/AML Policy and Advisory Manager
February 25, 2016
Originally published on

Reprinted with kind permission.

The Association of Certified Financial Crime Specialists is always looking for ways to enlighten the broader financial crime compliance community to trends large and small and deliver actionable guidance and intelligence that will help professionals expand their understanding of how best to detect and prevent financial crime.

In an interview with Anu, she told me her goal with this initiative was to give professionals at all levels, and even those beyond the compliance program, an easily approachable and digestible checklist of critical financial crime pain points that can both illumine individuals to better uncover a broad array of suspicious activities and pass heightened examiner scrutiny and expectations.

The list below is a summary of Anu’s analysis of UK FCA fines for AML between 2002-2015 and common recurring themes identified. This list is by no means exhaustive and should not be considered as a source of regulatory requirements. Please scroll down to the end of the post for the list of fines reviewed and link to the FCA website for the original list of fines. For part one focusing on US AML fines, please click here.

 If you enjoy reading this post and find it useful; then there are chances someone else will as well. Please share it with your views to your contacts and spread the knowledge.

Key Observation: An interesting observation is that the key failures identified in the first fine in 2002 (earliest available on the site) are very similar in principle to those highlighted in the recent 2015 fine. Also the fines refer to ML Regulations, JMLSG Guidance and published FCA Best Practices as the references for review.

 Culture of Compliance:

  1. Failure to demonstrate the culture and level of cooperation expected by the Authority.

Senior Management Oversight (Compliance and Business):

  1. Roles and Responsibilities: Lack of clarity re roles and responsibilities within Business and Compliance.
  2. Failure by the Compliance officer to take reasonable steps for implementation of adequate procedures to control money laundering risk.
  3. Identification of Gaps and Mitigation of Risks:
  • Failings not identified by the Firm.
  • Failure continued for a considerable amount of time.
  • Shortcomings identified in compliance not addressed.
  1. Reporting:
  • Gaps in providing key management information to the Money Laundering Reporting Officer (MLRO).
  • Reporting to management was informal.
  1. Resources: Lack of adequate resources in compliance.
  2. Branches outside London not subject to regular visits by Compliance department.
  3. Reliance on a system of self-certification of AML compliance by branches.

Policies and Procedures:

  1. Firm policies and procedures not up to date with regulatory developments.

Risk Assessment Methodology:

  1. Risk Assessment Methodology did not consider High Risk Products and Services.

Customer Due Diligence:

  1. Failure in identifying customers adequately especially non-resident individuals, non face to face customers and those incorporated in high-risk and/or less transparent jurisdictions.
  2. Failure to question high profile clients.
  3. Failure in obtaining sufficient ‘know your customer’ (KYC) documentation.
  4. Failure in recording CDD documentation. This also meant:
  • Firm could not demonstrate that it had all relevant facts about its customers and so could not show that it had taken all reasonable steps to ensure that customers’ accounts remained suitable.
  • Insufficient evidence to show that the clients were who they had claimed to be.
  1. Lack of understanding of Source of Wealth and Source of Funds.
  2. Failure to review and fully understand documents in foreign languages.
  3. CDD checklists not completed and/or reviewed.
  4. Failure in screening customers against Sanctions and/or PEPs lists.
  5. Failure in controls for high risk customers e.g., PEPs.
  6. Inadequate guidance given to staff on how they should assess the classification of a customer resulting in customer classified as lower risk.
  7. Request to waive identification process approved because of the high-profile nature of the customer.
  8. Gaps in ongoing review of Customer relationships.
  9. Failure to understand nature of transaction.
  10. Transactions not in line with the customer profile (e.g., huge unexpected amounts did not trigger a review of the transaction or the relationship).
  11. High non-compliance rates found in non-personal accounts where there was an increased risk of actual money laundering taking place.

Suspicious Activity Reporting:

  1. High Risk Indicators ignored.
  2. Failed to ensure that suspicious activity reports were promptly considered and reported to the FIU.
  3. Series of high-risk transactions not followed by adequate investigations or review of account.

Three Lines of Defence:

  1. Failure in AML compliance monitoring by a central function.
  2. Concerns around the effectiveness of the internal audit function.

Enterprise Wide Risk Assessment:

  1. Failure to carry out Enterprise Wide Risk Assessment.
  2. Failure to carry out gap analysis between regulatory requirements and implementation within the bank.

Training and Education:

  1. Lack of clarity re roles and responsibilities within Business and Compliance.
  2. Failure in training employees adequately.
  3. Failure in revising training content adequately to address shortcomings in AML controls.
  4. Failure to maintain sufficient records of staff completion of AML training.
  5. Inadequate training on high risk indicators.
  6. Failure in checking whether the staff understood their AML responsibilities fully.
  7. Inadequate guidance given to staff on how they should assess the classification of a customer.

Record Keeping and Retention:

  1. Failure to keep records of Customer information and also which could evidence what actions had been taken.

List of fines reviewed:


2002 – Royal Bank of Scotland Plc – £750000

2003 – Abbey National Plc – £2,320000

2003 – Northern Bank – £1,250,000

2004 – Bank of Ireland – £375000

2004 – Bank of Scotland – £1,250,000

2004 – Carr Sheppards Crosthwaite – £500,000

2005 – Investment Services UK Limited – £175,000

2005 – Investment Services UK Limited – Managing Director – Ram Melwani – £30,000

2008 – Sindicatum Holdings Limited (SHL) £49,000

2008 – Sindicatum Holdings Limited (SHL) MLRO Michael Wheelhouse – £17,500

2010 – Alpari (UK) Limited – £140000

2010 – Alpari (UK) Limited Sudipto Chattopadhyay (MLRO) – £14,000

2012 – Habib Bank AG Zurich (Habib) – £525,000

2012 – Habib Bank AG Zurich (Habib) former MLRO Syed Itrat Hussain – £17,500

2012 – Coutts – £8.75 million

2013 – EFG Private Bank Ltd – £4,200,000

2013 – Guaranty Trust Bank (UK) Limited – £525,000

2014 – Standard Bank PLC – £7,640,400

2015 – Bank of Beirut (UK) Ltd. – £2.1 m

2015 – Bank of Beirut (UK) Ltd. – Anthony Wills (former compliance officer), and Michael Allin (internal auditor), £19,600 and £9,900, respectively

2015 – Barclays – £72 million

For my latest post on USA AML fines, please click on

Written by Anu Ratan, Senior Global AML Policy and Advisory Manager, Independent AML Practitioner

© Anu Ratan posted on LinkedIn in January, 2016. Unauthorized use and/or duplication of this analysis without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Anu Ratan and this site with appropriate and specific direction to the original content.

Anu Ratan, ICA Dip (AML)