Commerzbank fined for anti-money laundering failures

Posted: 18/06/2020

The Financial Conduct Authority (FCA) announced on 17 June 2020 that it has fined Commerzbank an enormous £37,805,400 - reduced from a potential £54,007,800 due to Commerzbank’s cooperation with the FCA’s investigation - for the bank’s anti-money laundering (AML) failures.

Those failures resulted in a breach of Principle 3 of the FCA’s Principles for Businesses (Principle 3: A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems). By imposing such a hefty penalty, the FCA has once again emphasised to UK firms the importance of ensuring effective AML risk control frameworks and adhering to applicable AML regulations.

Commerzbank’s AML failures

During the five-year period beginning 23 October 2012 and ending 29 September 2017, the FCA identified the following weaknesses in Commerzbank’s AML systems and controls:

• inadequate financial crime controls in respect of its intermediaries;
• unsatisfactory handling of the risks associated with politically exposed persons;
• insufficient verification process of the beneficial ownership of clients, including those deemed high-risk;
• lack of proper processes for terminating relationships with existing clients for financial crime risk;
• due to major understaffing, all-important KYC checks (including periodic KYC checks), were not completed; an automatic exception process implemented by Commerzbank allowed clients to continue to transact despite not having been subject the periodic refreshed KYC checks. The FCA noted that “by March 2017, 1772 of its clients were overdue updated due diligence checks”; 
• lack of clarity in respect of internal responsibility for risk and customer due diligence; and
• an inadequate automated system to check the AML risks within transactions; the FCA identified that “40 high-risk countries were missing [from this system] and 1,110 high-risk clients had not been added to the transaction monitoring tool.”

Despite concerns being raised by the FCA on several occasions, Commerzbank had failed to take the steps necessary in order to remedy those failures.

As a result, the FCA decided that Commerzbank did not have adequate risk management systems in place during this five-year period.

Just a fine?

As substantial as this fine is, it has not been Commerzbank’s only consequence flowing from its AML failures. In May 2017, the FCA required Commerzbank to appoint a ‘skilled person’ under s166 of the Financial Services and Markets Act 2000 to review and report on the bank’s remediation project relating to its financial crime controls.

After this investigation was conducted, Commerzbank entered into a voluntary undertaking to maintain certain ‘business restrictions’ starting September 2017, which include suspension of the following activities:

• all new trade finance related business activities;
• opening of new demand deposit and custody accounts;
• on-boarding of new high-risk customers; and
• all new business activities with existing high-risk customers in respect of which a periodic/material change review was overdue.

Despite Commerzbank’s request for the restrictions to be gradually lifted, nearly three years later they remain in place - and the FCA does not appear in a hurry to lift them completely.

Lessons to be learnt

Regulated financial services firms are subject to strict statutory and regulatory obligations to take appropriate measures to ensure they do not facilitate crime. There is substantial evidence that global efforts to prevent the financing of terrorism and crime has had material impact worldwide. Whilst there is nothing in the FCA’s final notice (or elsewhere) to suggest that Commerzbank’s failures assisted the financing of terrorism and crime, nonetheless these are obligations that every financial institution must take seriously and maintain effective systems to safeguard against.

It is clear, not only by the large financial penalty but also by the business restrictions imposed upon Commerzbank, that the FCA believes it is of utmost importance that firms have sufficient AML procedures and adequate documentation in respect of these procedures for all employees to understand and implement.

The FCA noted that, “Commerzbank’s failures…created a significant risk that financial and other crime might be undetected,” warning that “the risk alone” of allowing such criminal activity to take place and remain undetected is sufficiently serious and deserving of such great penalties. The FCA went on to strongly advise firms to “recognise that AML controls are vitally important to the integrity of the UK financial system.”

Crucially, firms should take heed of the AML failures seen in the case of Commerzbank and safeguard against the existence of such shortcomings in their own institutions by ensuring that all AML procedures and documentation are of an effective and high standard. After all, prevention is undoubtedly the best cure.

This article has been co-written with Iris Bajraktari, a trainee solicitor in the banking and finance team.

Return to news headlines