Some banks appeared unwilling to turn away, or exit, very profitable business relationships when there appeared to be an unacceptable risk of handling the proceeds of crime. Around a third of banks, including the private banking arms of some major banking groups, appeared willing to accept very high levels of money-laundering risk if the immediate reputational and regulatory risk was acceptable.
Over half the banks we visited failed to apply meaningful enhanced due diligence (EDD) measures in higher risk situations and therefore failed to identify or record adverse information about the customer or the customer’s beneficial owner. Around a third of them dismissed serious allegations about their customers without adequate review.
More than a third of banks visited failed to put in place effective measures to identify customers as PEPs. [Politically Exposed Persons] Some banks exclusively relied on commercial PEPs databases, even when there were doubts about their effectiveness or coverage. Some small banks unrealistically claimed their relationship managers (RMs) or overseas offices knew all PEPs in the countries they dealt with. And, in some cases, banks failed to identify customers as PEPs even when it was obvious from the information they held that individuals were holding or had held senior public positions.
Three quarters of the banks in our sample failed to take adequate measures to establish the legitimacy of the source of wealth and source of funds to be used in the business relationship. This was of concern in particular where the bank was aware of significant adverse information about the customer’s or beneficial owner’s integrity.
Some banks’ AML [Anti Money Laundering] risk-assessment frameworks were not robust. For example, we found evidence of risk matrices allocating inappropriate low-risk scores to high-risk jurisdictions where the bank maintained significant business relationships. This could have led to them not having to apply EDD and monitoring measures.
Some banks had inadequate safeguards in place to mitigate RMs’ conflicts of interest. At more than a quarter of banks visited, RMs appeared to be too close to the customer to take an objective view of the business relationship and many were primarily rewarded on the basis of profit and new business, regardless of their AML performance.
At a third of banks visited, the management of customer due diligence records was inadequate and some banks were unable to give us an overview of their high-risk or PEP relationships easily. This seriously impeded these banks’ ability to assess money laundering risk on a continuing basis. Nearly half the banks in our sample failed to review high-risk or PEP relationships regularly. Relevant review forms often contained recycled information year after year, indicating that these banks may not have been taking their obligation to conduct enhanced monitoring of PEP relationships seriously enough.
At a few banks, the general AML culture was a concern, with senior management and/or compliance challenging us about the whole point of the AML regime or the need to identify PEPs. ... continues
