AML failings and senior managers: What if senior managers don't have AML experience?
The FCA has again made clear that inexperience is no excuse when it comes to failings in the UK regulatory environment. But what if senior managers lack experience in an area for which they are responsible?
The FCA's latest individual AML failing came in the form of the publication of a Decision Notice, proposing to fine Mohammed Ataur Rahman Prodhan, the former CEO of Sonali Bank (UK) Limited (SBUK), £76,400 for acting without due skill, care and diligence and for being knowingly concerned in a breach by SBUK of its obligations to maintain effective AML systems.
This follows FCA action against SBUK itself (fine of £3,250,600 including Stage 1 settlement discount) and its MLRO Steven Smith (£17,900 and prohibition from performing relevant controlled functions).
The Decision Notice referred to a lack of experience of Mr Prodhan and the SBUK board in respect of AML matters, including:
- a lack of board experience and expertise in relation to regulatory and compliance matters; and
- Mr Prodhan had no experience of the UK regulatory environment when he took up his position at SBUK.
Unsurprisingly, the FCA found Mr Prodhan's inexperience in the UK regulatory environment to be no excuse. The FCA recognised that "Mr Prodhan was not required to be an expert in all areas of AML", but was required to identify and deal with risks, just as in his other areas of responsibility. The Decision Notice also stated that, if he had been unsure about UK regulatory requirements, Mr Prodhan should either not have taken on the position, or should have ensured he received adequate training, advice and continuing support in the areas where he lacked experience.
In addition to criticising Mr Prodhan for his lack of sufficient understanding of, or involvement in management of, AML risks, the FCA also found that, amongst other issues, Mr Prodhan failed to provide adequate resources sufficiently quickly to his team, was wrong to rely on assurances from those reporting to him that SBUK's systems and controls were adequate, and failed to take reasonable steps to ensure that a culture of compliance towards regulatory responsibilities existed throughout the firm.
So what could Mr Prodhan have done to overcome his AML inexperience?
The key for any senior manager is to at least seek to get a ground in the basics and key requirements of the relevant part of the UK regulatory system. At a minimum, for a senior manager with AML responsibility this means:
- Taking advice from the more experienced – but make sure it is properly used. In this case, reliance was placed on the knowledge of independent non-executive directors (who were experienced UK professionals), but the board failed to ensure their recommendations were effected.
- Providing effective challenge – take advice from the more experienced, but make sure it is properly challenged and appropriate questions asked to verify it.
- Getting a solid grounding in the key areas of the UK regulatory systems with regard to AML – consider training courses, conference attendance and other opportunities to grow knowledge in this area.
- Understand what AML risks the firm faces – be familiar with the firm's AML risk assessment (and even better, be involved in putting it together/revising it).
- Understand what AML systems and controls the firm has in place and assess whether they are working effectively – seek regular opportunities to consider and challenge: the systems and controls; the testing that is done of them; how they are communicated through the firm; the people putting them in place; and whether sufficient resource is deployed to manage AML risk.
The Decision Notice was published on 4 December 2018 and can be found here.
The Decision Notice has been referred to the Upper Tribunal.