FCA has fined Santander UK plc £107.7m for serious and persistent gaps in its AML controls that related to its business banking customers. It found that over a period of nearly 5 years from the end of 2012, the banks failings impacted its oversight of over half a million customers. Its systems did not adequately verify the information customers provided about the business they would be going, nor did they monitor deposits against what was expected.
FCA noted that in one case, a customer had opened an account with expected monthly deposits of £5,000 (saying it was a translation agency, but in fact it was an MSB), but within 6 months was receiving millions, which it transferred to separate accounts – and it took 19 months for the bank to close the account after its AML team had recommended it for closure. There were several investigations and recommendations, and significant confusion within the bank as to the action to be taken. After it had decided to close the account, it agreed to a request from law enforcement to keep it open but lost track of the request and did not close it until FCA contacted it 15 months later.
FCA’s investigation found many other accounts that were not properly monitored and managed, and many instances where the bank did not deal promptly with red flags. It also found that many more customers were MSBs, but the bank had not identified them as such, although its policy was not to take on MSBs as customers. All in all, more than £298m passed through the bank before it closed the relevant accounts (£269m of it from the first identified account).
Santander had started an improvement programme in 2013, but concluded the changes it made were not enough, and in 2017 started a comprehensive restructuring of its processes and systems.
FCA found several other failings, including failure of relevant departments within the bank to liaise, so, for example, information from the SAR department was not taken into account in regular monitoring.