The FCA’s NatWest probe: has the regulator bitten off more than it can chew?

Thomas Cattee, white-collar crime specialist at Gherson in London, examines the Financial Conduct Authority’s recently-launched criminal proceedings against NatWest – the first case it has brought against a bank under the Money Laundering Regulations 2007.

The United Kingdom’s Financial Conduct Authority (FCA) started criminal proceedings against NatWest Bank (NatWest) on 16 March for alleged offences relating to the adequacy of procedures in place to prevent money laundering. The regulator has alleged NatWest failed to properly monitor and scrutinise hundreds of millions of pounds’ worth of suspicious activity between November 2011 and October 2016. 

These proceedings are in respect of offences under the Money Laundering Regulations 2007 (MLR 2007). The FCA specifically alleges that NatWest failed to adhere to the requirements of the MLR 2007’s regulations 8(1), 8(3) and 14(1), which were put in place to require institutions to determine, conduct, and demonstrate risk-sensitive due diligence and ongoing monitoring of their client relationships to ensure they could prevent money laundering. Alleged failure to comply with these can, if caught out, result in potential criminal liability, as we see today against NatWest.

This case is particularly interesting, as the FCA chose to bring proceedings under the MLR 2007 rather than under the specific anti-money laundering legislation contained in the Proceeds of Crime Act 2002. This suggests that the regulator has potentially identified alleged regulatory oversights – albeit ones that potentially invoke criminal liability – and is not looking at an active involvement in money laundering. 

Even though these regulations have been in place since 2007, this is actually the first time that the FCA has initiated a criminal prosecution under them. This is also the first prosecution of these against a bank and aimed solely at the corporate. 

The MLR 2007 have in fact now been superseded, initially by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and, most recently, by new rules in line with the Fifth Anti Money Laundering Directive. That the prosecution is being bought under the 2007 Regulations is not unusual, and reflects the fact that the allegations span the period when these regulations were in place. Indeed, the more recent money laundering regulations came into force on 26 June 2017, well outside the period of alleged criminality in this case.

Had the allegations spanned a period overlapping both regulations then this would have been a more interesting scenario, which would have required careful consideration of the appropriate regulation under which to prosecute. Given that the prosecution is being brought solely in relation to a timeframe ending in October 2016, there was no need for such a consideration, or rather there may have been a decision to only focus on a specific timeframe.

However, the fact that this is the first criminal prosecution by the FCA under the 2017 Regulations, and the first prosecution against a bank, makes this case particularly noteworthy. One must really question the practical criminal applicability, to the FCA, of regulations which have only once been used in a criminal context, despite being in place for 10 years. Time will tell whether other cases come out of the woodwork.

Could it be possible that the lack of FCA prosecutions might be due to exceptional compliance standards? One only has to look at the annually published list of reported final notices on the FCA’s website, including for breaches of anti-money laundering offences, and indeed more widely to the HSBC case discussed below, to understand that this is not the case.

It more likely reflects the difficulty in establishing criminal responsibility to the required standard against both individuals and corporations under these regulations. This therefore might be a case of the FCA demonstrating that it can bear its teeth and initiate criminal proceedings where appropriate. The fact still remains that, in the majority of circumstance we have witnessed so far, the FCA has relied on regulatory proceedings.

Perhaps most interesting of all, is that the corporate has been charged rather than any individuals – that is, employees at the bank. As was established in the Serious Fraud Office’s recent attempted prosecution of Barclays Bank for fraud offences, asserting criminal liability against a corporate can be far from straightforward.

Although in this case the FCA will need to demonstrate that the corporate failed to comply with their requirements under the MLR 2007, it may still have an uphill battle on its hands as it will need to establish liability on the corporate for breach of the MLR 2007 beyond reasonable doubt. Indeed, it is arguably easier to pin criminal liability on individuals rather than a corporate. However, the FCA has determined that it can go for the corporate, but it may lead one to wonder whether they have bitten off more than they can chew.

So what are the potential outcomes here?

Readers will no doubt be aware that in December 2012 HSBC admitted to anti-money laundering and sanctions violations before the US Department of Justice. They paid a hefty US$1.256 billion settlement to the DOJ in a deferred prosecution agreement. This was in relation to conduct which included “HSBC’s blatant failure to implement proper anti-money laundering controls facilitated the laundering of at least [US]$881 million in drug proceeds through the U.S. financial system”, in the words of the United States’ then-Attorney General Loretta Lynch.

However, this possibility is not applicable in relation to criminal proceedings initiated by the FCA.

The underlying statute – Section 27, Part 2 (Offences in relation to which a DPA may be entered into) of Schedule 17 to the UK’s Crime and Courts Act 2013 (the “2013 Act”) – enables a Deferred Prosecution Agreement to be entered into in relation to an offence under regulation 45 of the Money Laundering Regulations 2007. But Section 1 of the 2013 Act only permits a DPA as an agreement with a designated prosecutor which, according to Section 3(1) of the 2013 Act, are the Director of Public Prosecutions and the Director of the Serious Fraud Office.

As such, the outcomes against the bank are either guilty or not-guilty.

I for one, will be following this case; especially the FCA’s decision to go for the corporate and whether the regulator really has bitten off more than it can chew. It might be said that there is a little bit of muscle-flexing here, in order to prove the point that no entity is too big to be pursued by the FCA. Time will tell.

Thomas Cattee is a white-collar crime lawyer at Gherson Solicitors in London

Get unlimited access to all Global Banking Regulation Review content