The case provides instructive practical examples of the “reasonable steps” companies can take according to the FCA and a reminder of the FCA’s cultural expectations of CEOs.

By David Berman, Jonathan Ritson-Candler, and Sean Wells

On 16 November 2022, the FCA issued a final notice (Final Notice) to the former CEO of Sonali Bank (UK) Limited (SBUK), Mr Prodhan, for anti-money laundering (AML) failings for a period running from 2012 to 2014 (the Relevant Period).

The Final Notice provides a reminder to firms of the FCA’s expectations in relation to AML compliance; in particular:

  • the role of senior management oversight of the Money Laundering Reporting Officer (MLRO);
  • the individual accountability of the senior manager tasked with overseeing the firm’s AML and financial crime compliance; and
  • the importance of senior management engendering a strong compliance culture, including in relation to AML.

Background

The FCA identified issues with AML compliance at SBUK in 2010 following its thematic review of financial crime controls at smaller firms. SBUK then implemented a remediation plan, which subsequently failed to effectively address the issues.

The regulator visited SBUK again in 2014 as part of follow-up thematic work and again identified a number of serious deficiencies in SBUK’s AML systems and controls, as a result of which a skilled person was appointed. The skilled person’s report found systemic AML failings arising from a lack of understanding and implementation of AML systems and controls throughout the bank.

On 12 October 2016, the FCA published two final notices as a result of SBUK’s AML failings, issuing the following fines:

  • £3,250,600 to SBUK and imposing a restriction, preventing it from accepting deposits for new customers for 168 days. This final notice describes how, among other breaches, SBUK had breached Principle 3, which requires a firm to take reasonable steps to ensure that it has organised its affairs responsibly and effectively, with adequate risk management systems.
  • £17,900 to the former MLRO and prohibiting him from performing the MLRO or compliance oversight function at regulated

Mr Prodhan referred the decision notice to the Upper Tribunal, where proceedings were delayed significantly due to the COVID-19 pandemic.

On 16 May 2018, the FCA issued an initial decision notice against Mr Prodhan, fining him £76,400 and concluding that Mr Prodhan had breached Statement of Principle 6 for approved persons (exercising due skill, care, and diligence in managing the business of the firm for which he was responsible) and was knowingly concerned in SBUK’s breach of Principle 3.

On 4 November 2022, Mr Prodhan withdrew his reference to the Upper Tribunal, and the FCA moved to issue the Final Notice, notably removing the fine from the decision notice and replacing it with a public censure. The FCA explained that it did this in acknowledgement of the change in circumstances of Mr Prodhan, namely that:

  • he no longer lives in the UK;
  • he recently retired from employment;
  • he has ongoing personal conditions which limit his ability to travel to the UK to participate in the Upper Tribunal hearing; and
  • the time that has elapsed since his misconduct (10 years) increases the risk of the hearing not being determined fairly.

Mr Prodhan’s Responsibilities

Mr Prodhan held the CF1 (director) and CF3 (chief executive) controlled functions throughout the Relevant Period (predating the application of the Senior Managers and Certification Regime (SMCR) to SBUK and Mr Prodhan). Mr Prodhan was also the senior manager with responsibility for the establishment and maintenance of effective AML systems and controls at SBUK, in accordance with SYSC 6.3.8R.

MLRO, SMF 17, nominated officer, SYSC 6.3.8R — who does what?
For UK firms that are subject to the SMCR and the Money Laundering Regulations 2017 (ML Regulations), a number of regulatory touchpoints require the allocation of responsibility for a firm’s compliance with AML obligations:
  1. A senior manager must function as the SMF 17 who has responsibility for overseeing the firm’s compliance with the FCA’s rules on systems and controls against money laundering and will typically be responsible for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime.
  2. The SMF 17 may delegate day-to-day oversight and management of the firm’s AML systems and controls to a separate MLRO (or may serve as the MLRO themselves).
  3. Under the Proceeds of Crime Act 2002 (POCA), firms are required to appoint a “nominated officer” to receive disclosures regarding knowledge or suspicion of the key money-laundering offences under POCA. The MLRO will often be a firm’s nominated officer, but the roles can differ; the MLRO role is not created by statute (meaning it can vary between firms), and the two roles need not be performed by the same person.
  4. Where appropriate with regard to the size and nature of its business, a firm must appoint a member of its board of directors (or equivalent management body) or of its senior management (who may also be the MRLO) as the officer responsible for the firm’s compliance with the ML Regulations.
  5. SYSC 6.3.8R requires that a firm allocates to a director or senior manager (who may also be the MRLO) overall responsibility within the firm for the establishment and maintenance of effective AML systems and controls.

Typically, firms will have either:

  1. one person as the SMF 17, who is also the MLRO taking responsibility for c) to e) above; or
  2. an SMF 17 who retains senior management responsibility for, and oversight of, the firm’s AML compliance, but delegates the day-to-day running of the firm’s AML systems and controls, and the role of nominated officer, to a separate MLRO (if so, it is essential that each person’s role is clearly defined).

SBUK adopted the latter of these approaches.

Failings Identified by the FCA

The FCA highlighted that during the Relevant Period:

  • SBUK’s internal audit function found that SBUK had failed to identify its conduct risks, meaning that, at a strategic level, SBUK did not adequately assess the risks to which it was exposed, including those relating to AML and financial crime. Mr Prodhan failed to take reasonable steps to ensure that these risks were identified, documented, and mitigated and that the relevant systems and controls were working effectively. He also failed to take reasonable steps to ensure the board was sufficiently aware of the relevant risks.
  • Despite being entitled to delegate day-to-day operational management of SBUK’s AML systems and controls to the MLRO, Mr Prodhan remained responsible for ensuring these were properly established and functioning well. He failed to take reasonable steps to ensure he had an adequate understanding of the firm’s AML risks and how they were being addressed.
  • Mr Prodhan failed to hold sufficiently regular meetings with the MLRO, failed to identify the MLRO role was under-resourced, made insufficient contributions to meetings where AML issues were discussed, and did not effectively challenge reports from the MLRO. The management information presented to the board and Audit Committee was therefore inadequate and did not allow them to properly assess the efficacy of the controls.
  • Mr Prodhan was responsible for setting the SBUK’s values, culture, and standards, including steering senior management towards ensuring a strong compliance culture throughout SBUK. He failed to do so, which impacted on SBUK’s AML systems and controls given: (i) staff failed to understand the importance of AML obligations or the value of complying with them; and (ii) a culture persisted which was resistant to changing business practices in light of regulatory developments.
  • Mr Prodhan received clear indications from SBUK’s internal audit function of issues with the firm’s governance framework and AML systems and controls. He failed to consider these warnings and take adequate measures to address these concerns.
  • No suspicious activity reports (SARs) had been filed by SBUK for a number of years, with the MLRO giving the same explanation each year. Despite this, Mr Prodhan failed to take any steps to investigate the low level of SARs or challenge the MLRO’s explanation.

Takeaways for Firms and Senior Management With AML Oversight

In light of the Final Notice and other recent FCA enforcement action in relation to AML, firms would be well advised to consider:

  • Ensuring that relevant responsibilities and reporting lines are clearly defined and well understood — especially if the roles of nominated officer, MLRO, SMF 17, and person responsible for compliance with the ML Regulations are performed by different persons.
  • Working with SMF 17s to review the FCA’s findings on Mr Prodhan’s reasonable steps failings. Whilst the Relevant Period pre-dated SMCR, current SMF 17s might nevertheless review their practices in light of the FCA’s findings, given that they are equally relevant.
  • Reviewing AML and broader financial crime risk assessments, policies and procedures, as well as training programmes to ensure they are up to date and checking that they have robust policies, procedures, systems, and controls in place, as well as sufficient management information going to the board.

This case also serves as a timely reminder of the FCA’s cultural expectations of CEOs.

 

This post was prepared with the assistance of Aslihan Alparslan in the London office of Latham & Watkins.