A landmark: First FCA criminal proceedings under the MLR 2007

Last week the FCA announced criminal proceedings against NatWest for alleged breaches of regulations 8(1), 8(3) and 14(1) of the Money Laundering Regulations 2007 (MLR 2007).

This is a significant landmark, as the FCA’s first criminal prosecution under the MLR 2007.

Those working in financial institutions are asking whether this is a one-off or the shape of things to come, and, crucially, where the line should be drawn between AML failures the FCA regards as meriting criminal sanction and those that will be dealt with by the more familiar civil enforcement process.

Obviously, one case will not provide the answers. Particularly, because even if the   prosecution proceeds all the way, it will not result in  a reasoned judgment that will make the analysis supporting the decision clear.

However, we have set out below six key points about criminal prosecutions under the MLR 2007 that may provide some pointers:

• First, the announcement is not a surprise to anyone who has been listening to Mark Steward, the FCA’s Director of Enforcement. He and others at the FCA have for years been signalling the FCA’s appetite to use its power to prosecute when cases regarded as suitable are found. This reflects a wider trend towards the criminalisation of systems and controls failures and other forms of negligence, illustrated by the Bribery Act 2010, the tax evasion provisions of the Criminal Finances Act 2017 and more recently the offences in the Pensions Act 2021.
• Second, there is no ‘guilty mind’ requirement for criminal liability under the MLRs. The MLR 2007 are unusual (albeit not unique) in allowing criminal liability to be imposed on a corporate for failing to comply with their requirements without the prosecutor needing to demonstrate that anyone committed an offence of intent or predicate offence connected with that failure.
• Third, the breach of requirements under the MLRs must be proved ‘beyond reasonable doubt’. This is the crucial legal distinction between criminal proceedings and civil regulatory proceedings in relation to AML issues (which only require breach to be established on a balance of probabilities). The MLRs contain obligations cast in relatively high-level terms. The FCA will need, probably through expert evidence, to establish beyond reasonable doubt precisely what these obligations required the bank to do on the facts of the case.  This is a subtle but potentially important distinction with procedures liability under the Bribery Act 2010 and the Criminal Finances Act 2017, where the burden of establishing the adequacy or reasonableness of the procedures and rests with the defendant once the commission of the underlying offence of intent by an associated person is established.
• Fourth, the decision on guilt is ultimately for a  jury. In contrast to FCA enforcement, once charged with a criminal offence there is limited scope for a financial institution to influence the outcome by negotiation with the FCA: the decision maker is not FCA Enforcement, the RDC or the Tribunal – assuming the matter goes to trial, it is a jury of members of the public. The FCA will need to present its case in a way a jury can understand. In practice this means the criminal process tends to be followed where the facts are sufficiently obvious and egregious to be properly understood by a non-specialist, and perhaps (whatever the technical legal position) where there is evidence of recklessness by individuals that the FCA can point to as justifying a criminal sanction.
• Fifth, there is no formal settlement mechanism to avoid criminal liability. There is no DPA solution for prosecutions by the FCA which is not (to date) a designated prosecutor under the DPA architecture. This means that the bank will either be found guilty (with or without a plea agreement with the defendant) or the FCA’s prosecution will fail, either because it is abandoned, or the bank is found not guilty. The stakes are therefore high for both sides.
• Finally, the consequences of a guilty verdict are serious. Beyond the reputational harm, procurement debarment and licencing consequences may arise. The financial penalty on conviction for breach of the MLR 2007 is unlimited, and set by reference to the Sentencing Council’s Guidelines, rather than the FCA Handbook, to be applied by the Sentencing Judge. Fines will be based on an assessment of culpability and harm, weighed against factors that increase or reduce the seriousness of the offence. For money laundering offences, “harm” will be assessed by reference to the amount of money laundered or the cost avoided by failing to put in place an effective AML programme. The fine will also reflect factors that suggest the offence is more or less serious (for example, if there is limited or no actual gain to the institution from the breach). Given the large fines the FCA has levied for civil AML breaches, the approach taken to any penalty in this case will be watched with great interest.