The UK’s Financial Conduct Authority (FCA) has announced a fine of £37,805,400 for Commerzbank London over anti-money laundering (AML) failures between October 2012 and September 2017.
According to the FCA, Commerzbank London had been aware of concerns raised in 2012, 2015 and 2017 but had failed to take effective steps to fix the issues. Commerzbank London agreed to accept the fine at an early stage, reducing the penalty amount down from £54,007,800.
Commerzbank London’s failings over several years created a significant risk that financial and other crime might be undetected. Firms should recognise that AML controls are vitally important to the integrity of the UK financial system
The FCA’s investigation raised a number of failings including Commerzbank London’s failure to perform periodic due diligence on its clients. This resulted in a significant number of existing clients not being subject to timely know-your-client checks. Key data used to identify 1,110 high-risk clients and 40 high-risk countries was missing from their automated transaction monitoring tool.
It appears that their biggest issues were caused by an uncontrolled exceptions process lacking the necessary oversight.
Exceptions processes should only be used in rare circumstances and should be subject to a strict oversight policy. At least two team members should be required to assess and approve any exceptions. The FCA found that Commerzbank London’s exception process was essentially ‘out of control’ by 2016.
How can you protect your business?
We all try our best to do the right thing, but humans are creatures of habit. As such we can quickly fall into patterns of behaviour which might not be right for the business. This is where software can really help out. By keeping your software systems up-to-date with the latest legislation and company policies, you ensure that everyone in the team is following the correct procedures to protect the business and its customers.
All of your critical systems should have the relevant access control with the appropriate roles and permissions provided to users. Management reports detailing the number of exceptions happening over a defined period will alert management to any problems early on.
Roles and permissions
Roles and permissions are probably the one critical item that any financial services platform needs. Preventing a single user from performing all actions in a system reduces the risk of fraudulent or criminal activity, money laundering, bribery and corruption within your business.
For example, in a financing company you may have a customer advisor who enters customer data and selects the appropriate finance product. Once the customer details are submitted, the data would be passed on to an underwriter for approval. Depending upon the circumstances, the approval of two or more underwriters may be required. Following an approval, members of the payout team would complete the process.
By having different team members in different roles, and using software to enforce company policies, you protect your team, your business and your customers.
Keep data up-to-date automatically
Trying to manually update business data in your company database isn’t an easy task. Many businesses use productivity tools such as Excel to manage their business data. While this is great for organising the data, it then falls to someone to either manually update your systems or to import it into the database.
Our recommendation would be to use a custom workflow to manage Excel documents. When a team member updates a document it can be sent for approval to one or more supervisors. Once approved by all supervisors, the Excel file can then be automatically imported into the database. The import would be logged in the database and the team notified when complete.
Dashboards and reporting
Do you know how many customers are “in flight” right now in your business? Which customers are reaching the end of their contracts in the next 30 days? What value of sales are your team members generating individually this month?
By having a company dashboard present, all these figures are visible at any time. Daily, weekly, monthly and quarterly reports can be generated and sent to the management team automatically.
Knowing what’s going on in your business at any time isn’t just a nice-to-have, it’s critical to sustaining and growing your business as well as ensuring that your team are adhering to the rules.
In the case of Commerzbank London, an automated report highlighting the number of exceptions being processed would have raised alarm bells early on. Thinking about your business today, what would alert you to “unusual” behaviour within your team or customers?
How we help our customers
Our experience includes developing solutions for Volkswagen Financial Services including GDPR compliance, support for PEPs and Sanctions reporting, and recording of beneficial owners, as well as developing a secure mobile app which is currently in use in all VW, Seat, Skoda and Audi dealerships in the UK.
Are your systems compliant? Is your business at risk from penalties from regulators? Don’t wait for the FCA to raise issues, get them solved today. Call us on 01234 818370 or arrange a Zoom call with our team.