Recent data from the Financial Conduct Authority (FCA) sheds
light on whistleblowing reports that the regulator has received
about firms’ anti-money laundering (AML) controls.
UK Whistleblowing Reports
The data, obtained by consultancy firm Accuracy via a Freedom of
Information request, reportedly shows that over the past five
years, employees at finance firms have submitted 141 whistleblowing
reports relating to AML to the FCA. The data also shows that,
during this period, the number of AML whistleblowing reports has
declined. In the 2021 to 2022 period, which is the most recent
period reported on, nine reports were made; down from 25 reports
made the previous year and the peak of 45 reports in the 2018 to
2019 period.
Notwithstanding this decline, the total number of reports over
this period remains significant and shows that the regulator’s
concerns about how firms are handling AML risks are being echoed by
those closest to the action.
What we do not know from this data is how many of these reports
resulted in investigations by the FCA, the specific nature of the
tips, or whether whistleblowers had first taken their concerns to
the relevant firms before reporting to the regulator.
But, with the additional pressures of a U.S. whistleblower law
that provides monetary incentive to tipsters, including UK-based
employees, we anticipate that more AML whistleblower reports will
be made in the coming years. To address this emerging risk, firms
should consider reviewing their policies and procedures to, among
other things, ensure that they have proper internal processes in
place to encourage, receive, and act quickly on internal
reports.
AML as a Priority for the FCA
The decline in AML whistleblowing reports made to the FCA does
not appear to be representative of a significantly improved culture
of AML compliance or a lighter touch from the regulator on AML
issues.
In May 2021, the FCA published a “Dear CEO” letter in
which it set out a number of common AML failings it had identified
and made clear that it would pursue enforcement action where
appropriate. Since that letter was published, the FCA has made good
on its promise. In 2022, the FCA issued its largest fine for these
alleged failings when it imposed a penalty of £107.8 million
on Santander UK PLC for “serious and persistent“
gaps in AML controls across its banking operations. This was
followed by a £7.6 million fine assessed on Guaranty Trust
Bank (UK) Ltd and a £4 million fine assessed on Al Rayan Bank
PLC, both resulting from AML failings.
There are no signs of the FCA slowing down in terms of
enforcement. In its 2023/2024 business plan the FCA said it intends
to lower incidences of money laundering by increasing proactive
assessments of AML controls. Alongside this, the FCA is also
enhancing its enforcement capabilities across the board. As such,
it seems that the FCA has an increased appetite, and soon will have
an enhanced ability, to take enforcement action against firms whose
AML controls are found to be lacking.
Whistleblowing Review
Firms should also be aware of potential changes on the horizon
in the whistleblowing space. The UK government recently announced a
review of the country’s whistleblowing framework, and it is
anticipated that reforms may be implemented to bring UK legislation
more in line with the new EU Whistleblowing Directive, which offers
enhanced protections to whistleblowers. Additionally, an Office of
the Whistleblower is being mooted, to bring the UK in line with
other jurisdictions, such as the U.S. (as described below). The
outcome of the review is due later this year and, if these reforms
are implemented, more employees who are uncomfortable with the way
in which their employers are handing AML compliance may be
encouraged and empowered (and in the case of U.S. regulators,
monetarily incentivized) to speak out.
Lessons to Be Learned
The combination of the newly published whistleblowing figures,
the FCA’s restated focus on AML, and the looming prospect of
whistleblowing reforms should serve as a cue for firms to review
their AML policies and controls to ensure compliance with relevant
regulations.
As a starting point, firms may wish to consider some of the
areas of concern noted in the FCA’s “Dear CEO”
letter, which included generic customer risk assessments,
inadequate customer due diligence measures, and improper
implementation of processes for handing Suspicious Activity
Reports. The two fines issued by the FCA this year also highlight
areas for consideration. The FCA found that Guaranty Trust Bank
(UK) had failed to act on numerous internal and external reviews
which showed continued weaknesses in the bank’s AML controls.
For example, the FCA found that Guaranty Trust Bank (UK) failed to
adequately document customer risk assessments, resulting in a lack
of transparency as to how specific customer risk ratings had been
determined. This was despite the fact that this issue had been
raised previously, including by the FCA, an external consultant,
and the bank’s compliance function. Al Rayan Bank PLC’s
breaches included the failure to implement appropriate procedures
for handling cash deposits and the failure to train staff on
whether cash transactions should be accepted if source-of-funds
information was not provided, despite the bank identifying that
cash transactions presented a high risk of financial crime. For
onboarding purposes, Al Rayan Bank PLC also relied on due diligence
carried out by financial institutions based in the Gulf states,
where the bank was aware that such due diligence would not meet the
standards required under UK regulations. It is notable that a
common factor in both cases was that the issues had been flagged
previously, by people both inside and outside the organization, but
the banks had not taken appropriate remedial action.
Not only should firms be reviewing their AML obligations and
best practices, but they should also ensure that they have in place
appropriate whistleblowing procedures to handle and address any
concerns raised, from either internal or external sources. Training
should be given to ensure that managers know how to approach
disclosures and that retaliation against whistleblowers is
unacceptable. The aim of any firm should be that a whistleblower
can report their concerns to the firm and that these are adequately
dealt with, without the tipster feeling the need to refer the
matter to the regulator.
Developments for AML Compliance and Whistleblowing in the
U.S.
For many companies, whistleblowing developments in the UK will
not be their only concern, as the U.S. has also been making strides
with respect to establishing its own AML whistleblower program. In
2021, Congress passed the Anti-Money Laundering Act (AMLA), which
increased financial rewards for individuals who blow the whistle on
potential anti-money laundering and sanctions violations and made
numerous other enhancements to the U.S. AML laws. Specifically, the
whistleblower provisions of the AMLA provide that any person who
reports original information relating to a violation of anti-money
laundering laws to: (1) an employer; (2) the Secretary of the
Treasury; or (3) the Attorney General, which results in a monetary
sanction of over US$1 million, may be eligible for a financial
reward. The amount of the financial reward will be between 10% and
30% of the monetary sanction collected and will depend on a number
of factors, including the significance of the information and the
degree of assistance provided. The U.S. Congress then further
enhanced this new program by establishing a fund to pay awards and,
significantly, expanding the program to cover violations of U.S.
sanctions laws and regulations.
In addition to these specific AML provisions, recent years have
seen the U.S. Securities and Exchange Commission (SEC) make changes
intended to provide greater incentives for whistleblowers. For
example, in 2020 the SEC implemented a presumption of awarding the
statutory maximum for whistleblowers who provide information that
results in a sanction of US$5 million or less and broadened the
scenarios in which whistleblowers may receive financial rewards to
include deferred prosecution agreements, non-prosecution
agreements, and settlement agreements.
In its most recent Annual Report, the SEC reported that it has
paid whistleblower awards to individuals on six different
continents, and the UK is always in the top three countries from
which it receives whistleblower tips. The SEC recently made a
record-breaking award of US$279 million to a single whistleblower,
news of which will surely cause a wider international awareness of
this U.S. program. The SEC has increased its supervision and enforcement in the AML arena bringing several
settled actions in recent years. Because of the
industry attention to the AMLA whistleblower program, we suspect
that the SEC and other U.S. agencies will continue receiving
AML-related tips this year, which could bolster their enforcement
efforts.
U.S. regulators have been quick to point out the significance of
these whistleblower programs. In April of this year, the Acting
Director of the Financial Crimes Enforcement Network (FinCEN), who
is charged with establishing the AML whistleblower program,
testified that the new whistleblower program could be “a
force-multiplier” for the entire federal government —
most notably, the DOJ and the Department of the Treasury’s
Office of Foreign Assets Control (OFAC) — and a powerful tool
for holding financial institutions accountable for violations of
the BSA and economic sanctions.
Conclusion
The supervisory and enforcement focus on AML compliance in the
financial services arena continues in both the UK and U.S., and the
success of and attention given to the various whistleblower
programs will likely lead to an increase in potential investigative
and enforcement activity. With further developments on the horizon
in both the UK and the U.S., firms should take the opportunity to
ensure they are well placed to comply with relevant regulations and
manage any risks appropriately.
Arnold & Porter has extensive experience in advising on AML
compliance and whistleblower matters in the U.S. and UK. In the
U.S., Arnold & Porter has a leading Securities Enforcement
Defense and Whistleblower Mitigation & Defense team, which
includes Jane Norberg, who is the former SEC Chief of the Office of
the Whistleblower. Arnold & Porter represents clients in
defending against whistleblower actions, conducts internal
investigations, and defends clients to the SEC, the FCA, and other
regulatory and criminal authorities in both the U.S. and the
UK.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.