Chris Haden highlights how inadequate document control is leaving the financial services sector open to massive financial risk in the light of anti money-laundering legislation

Terrorist funding and other criminal activities have brought the issue of money laundering into sharp focus over the last few years. Few regulatory bodies have been as keen on the uptake of this issue as the UK's Financial Services Authority (FSA), which has handed out a series of fines to financial institutions for not adopting sufficient safeguards against money laundering. Interestingly, it is not small or less significant financial services companies that have been chastised. It is some of the very largest UK institutions.
The situation was identified by the FSA as a priority issue in 2001.

A report published by the Authority at the time notes research that reveals: "Of those firms surveyed, 44% had no group money laundering policies.

Also, 40% received no internal reports over the last year, with 60% saying that they had made no suspicious transaction reports to NCIS. This may indicate that firms need to review their internal policies and procedures to ensure that reporting lines are clear and that staff are aware of their duty to report suspicions to the MLRO."

The issue of compliance with anti money-laundering procedures is not merely a burden for banks. The issue impinges on all deposit, savings and investment product companies, therefore embracing banks, building societies, life assurance and pensions, stockbrokers and share shops, funds and fund managers, forex, credit card and hire purchase.

Within this range, the FSA identifies six clusters of activities which are particularly vulnerable to money laundering:

- international banking and high risk jurisdictions

- domestic banking

- independent financial advisers (IFAs) and offshore funds

- online stockbroking

- spread betting

- credit unions.

Document management

Identifying, verifying and tracking customer identities in financial services is essentially a document-focused process. Genuine documents need to be obtained, captured, stored, retrieved and tracked. The FSA Handbook of rules and guidance states that it is required that 'the firm has in place the appropriate money-laundering prevention systems and training, including identification, record keeping and internal reporting procedures.' And it is document and records management that is consistently cited as an area where even the largest financial institutions fall down.

Press reports on the fine levied by the FSA on a major UK bank in 2004 noted that: 'FSA says weaknesses in the bank's record keeping systems and controls were found across its retail, corporate and business banking divisions. In over half of the sample of accounts tested in late 2002, (the bank) had failed to retain either a copy of the customer identification evidence or a record of where this evidence could be obtained. These failings were made worse by (the bank's) inability to determine the areas in which the breakdown in its record keeping systems had occurred.'

The FSA's own press statement on the bank remarked that: 'There was insufficient evidence to show that the clients were who they had claimed to be, while in some cases the bank was unable to supply copies or details of the documents it had used to verify identity. Examples of inadequate verification of identity are where the bank only verified a client's name but not his address, or where the documents the bank obtained were not capable of verifying identity.'

The ability to manage documents - electronic or physical, files or document images - is an issue that the major technology analysts are highlighting in a world where all businesses are facing increased levels of regulation and compliance. For instance, a Gartner Group paper stated on 21 September 2005 that: 'Publicly traded companies should adopt a secure records management approach (including a retention schedule and management policies) for their compliance and other business-critical data. Otherwise, they risk charges of data inaccuracies or, even worse, degradation of critical data.'

In 2001, the FSA conducted an investigation into money laundering controls at UK banks. It concluded that: 'Some 98% of the US$1.3bn went through the 15 banks with significant control weaknesses. The following deficiencies were found at one or more of the 15 banks: inadequate senior management oversight of the account opening process for customers who could be classified as higher risk; weaknesses in the verification of the identity of beneficial owners of companies; over-reliance on introductions by existing customers; inadequate understanding of the source of the customer's wealth; shortfalls in following industry guidance on reporting suspicious transactions to the National Criminal Intelligence Service; weaknesses in record retrieval and retention.'

The research

So, since 2001, have financial institutions put their records management houses in order, inspired by the fines and reputational damage inflicted on large, high-profile banks for inadequate anti money-laundering measures? Our research would suggest not.

We commissioned a study that revealed that only 43.5% of UK financial services have effective and formalised document management policies and procedures. The corollary is, of course, that the remainder do not. Given that document and records management is a sine qua non of anti money-laundering compliance, the situation remains seriously inadequate.

Our research also identified that the average FSA fine inflicted on institutions falling short on the anti money-laundering issue is currently over £1m.
Considering the seriousness with which the FSA is pursuing non-compliance in this specific area, we have to conclude that the community of substantial financial services companies - where they do not have adequate document and records management policies, systems and procedures - faces the threat of an equally significant penalty.
We define substantial either in terms of the size of the organisation, or in terms of the value of assets under management. Looking at the range of affected financial services companies, a conservative application of this definition leaves us with a community of over 400 organisations.

By combining the average fine, with the proportion of financial organisations revealed by our research to have inadequate document management policies and procedures, we can conclude that the financial services industry faces the likelihood of over £230m in fines if matters do not improve.

Reputational damage

A quarter of a billion pounds in fines is not something that any sector contemplates lightly, especially since money laundering is just one of the regulatory issues over which the FSA levies penalties. On the other hand, the reputational damage that these fines inflict on financial services companies is almost of more concern than their financial impact.
Britain has one of the freest, most competitive financial services markets in the world. Moreover, the strength of the economy, combined with a relatively liberal and non-protectionist regime, make it very attractive to foreign entrants. The result is fierce competition and an over supply of financial services providers. Any financial services marketer in the UK will affirm that it is not so much product differentiation that drives sales, as brand and reputation. And there have been enough historical scandals in this country to make it very important that financiers' reputations are preserved at all cost.

It is worth noting that the FSA itself is no stranger to the importance of good document and records management. In upholding certain elements of a complaint made against the FSA itself, the Office of the Complaints Commissioner noted: 'However, the FSA have not been able to find the entire file on X & Associates and in particular correspondence on the supervision of the Network in relation to X & Associates.'

Priority issue

So long as the twin threats of international terrorism and cross-border criminality remain high in the nation's (and the Government's) consciousness, money laundering will not disappear as a priority regulatory issue for the FSA and the institutions it watches over. Since top quality document and records management forms a critical foundation-stone of compliance, then there is no option for the 56.5% of financial services companies whose document management standards our research showed to be below par, but to move swiftly to avoid financial penalty and reputational damage.

Chris Haden is UK managing director, Anacomp,


- UK financial services companies face potential fines of over £230m because their document management standards are inadequate.

- Organisations at risk include banks, building societies, life assurance and pensions companies, stockbrokers and share shops, funds and fund managers, forex, credit card, hire purchase, IFAs and credit unions.

- Watertight document and records management systems and processes are a fundamental building block of anti money-laundering measures.

- Only 43.5% of financial services companies have effective document management policies and procedures in place.

- Those that do not face the risk of reputational damage from highly publicised fines.