Lessons learned from DFSA imposed penalties on Two Directors for AML breaches
The Dubai Financial Services Authority (DFSA) has published twin enforcement decision notices.
Raphael Lilla and Kapparath Muraleedharan were both fined $56,000 for anti-money laundering breaches. Both men settled early in the enforcement process qualifying for a 20 percent discount, without which the fines would have been $70,000.
The two fines are based on the same set of facts regarding the opening of two accounts. In brief, the firm concerned had policies and procedures in place to collect the required account opening information including, where needed, additional detail for the enhanced due diligence process.
Lilla and Muraleedharan forced through the swift opening of the two accounts despite knowing that the firm's own procedures, independent legal advice and other substantive information all indicated that the accounts in question were deemed high-risk and should therefore be subject to enhanced due diligence requirements.
The two directors put deliberate pressure on the firm to open the accounts, even though the firm's senior executive officer and compliance officer acted not only to block the accounts but also to notify the DFSA of the issue.
The DFSA concluded that Lilla and Muraleedharan had knowingly breached the AML requirements and had failed to act with due skill, care and diligence in carrying out their functions as licensed directors of a firm.
Compliance tips and next steps
There are a number of lessons for others in the fines imposed on Lilla and Muraleedharan. The September 2015 edition of "In Action", the DFSA's newsletter, set out both progress made in the oversight of financial services activities in the Dubai International Financial Centre and future plans for the regulator's supervisory approach.
The DFSA made it clear that it remains the responsibility of senior managers to ensure that firms are, and remain, compliant with regulatory requirements. Senior individuals must understand the practical implications the DFSA's requirements and must have not only a detailed knowledge of the rulebook but also an understanding of the expected approach to culture and corporate governance. It is quite clearly a breach of supervisory expectations to pressure a firm into a knowing breach of applicable rules.
Two further points are:
- The actions of the senior executive officer and compliance officer to block the accounts and report the rule breach to the DFSA probably saved the firm itself from a much harsher penalty. It cannot have been easy to stand up to two directors who were intent on pushing through the account opening process despite knowing it was in breach of both the firm's own policies and the DFSA requirements.
- The discoverability of emails and other communications is once again in the spotlight. The line of sight which email gives regulators regarding inappropriate actions and behaviour is unparalleled. In this case email traffic provided direct evidence of the nature of the pressure brought to bear on the senior executive officer to open the accounts in question.
Firms should also be aware of the DFSA's continuing focus on financial crime, the prevention of money laundering and counter terrorist financing. The regulator is about to publish its latest annual AML report but the one published in April 2015 remains relevant, and set out detailed analysis and guidance on the new annual money laundering return.
The DFSA reviewed the first iteration of the new style of money laundering returns submitted in some detail and took the time to analyse the information provided, give further guidance on particular issues and to outline both good and poor practices. The report outlined a number of improvements which could be made:
- Firms need to tailor their due diligence assessments for businesses more specifically, and obtain buy-in from all areas of the firm, including senior managers.
- Firms need to expand the risk factors they consider, including associated product and service risks (not just country risks), and to improve the documentation of customer information obtained during the customer due diligence process.
- Firms must carry out comprehensive transaction monitoring, on a continuing basis, and must consider alerts raised on transactions booked overseas.
The DFSA is transparent about its regulatory approach and has made it clear that authorized firms must take rules and requirements seriously.
The DFSA chose to be deliberately lenient with firms but, critically, stated that it anticipated the "first round of annual returns would present a number of improvement opportunities". The DFSA also made it crystal clear that it expects firms to learn from the findings of the analysis and that it will have "higher expectations for improvements in the timeliness and quality of future submissions".
Firms should take the point about higher expectations very seriously, particularly in the light of the April 2015 fine imposed on the DIFC branch of Deutsche Bank. The Deutsche Bank branch was fined $8.4 million and agreed to a number of directions. It settled early in the enforcement process, without which the fine would have been $10.5 million.
The crux of the issue was whether or not the firm was advising and arranging for customers rather than simply referring and introducing them to other parts of the group. The branch's private wealth management business was deemed to have misled the DFSA as to its activities, and the firm finally confirmed to the regulator in January 2014 that the business was in fact advising and arranging for customers (with all of the associated regulatory requirements regarding client onboarding and prevention of money laundering).
This case reads like a cautionary tale of how not to organise and run a branch business. It paints a picture of an operation which was simply doing its own thing, apparently unaware of, quite apart from complying with, local regulatory requirements or being required to follow through on group audit visit findings and reports.
The fine was a reminder that large international financial services groups must oversee all parts of their business. Issues can often arise in smaller operations where, due to the size and location of the activities, there is a perception of low or lower risk. On the surface the DIFC branch of Deutsche Bank did not have clients per se, as the 1,000 or so customers were referred elsewhere to be onboarded.
Under the surface, however, was a business which systematically misled the DFSA as to its activities, which should have recognised clients as such and which should have had a fit-for-purpose compliance and governance infrastructure.
There are parallels between the Deutsche Bank fine and those imposed on Lilla and Muraleedharan. All raise questions about culture, the actions of (very) senior individuals and wider corporate governance.
The DFSA has shown that it will no longer tolerate poor behaviour by either firms or individuals. It is also seeking to bolster strong corporate governance, with events such as the May 2016 outreach on corporate governance and investor relations.
All those operating in the DIFC should keep up-to-date with changes in regulatory requirements and expectations and ensure they understand the ramifications of a lack of compliance, whether knowing or inadvertent.
Susannah Hammond is senior regulatory intelligence expert for Thomson Reuters Regulatory Intelligence; the views expressed are her own.