Insight,

FCA brings first criminal prosecution against a bank

The arrival of the first criminal prosecution against a bank under Money Laundering Regulations (MLRs) by the UK's Financial Conduct Authority (FCA) has led to speculation that the FCA is ramping up in terms of electing to prosecute for a criminal offence as opposed to a civil or regulatory breach.

The prosecution in question is being brought under the 2007 MLRs and involve an acceptance by the bank of a large sum in cash and other deposits without, the FCA alleges, appropriate due diligence and ongoing monitoring of the accounts for the purposes of preventing money laundering. The same offence is susceptible to the FCA electing for a criminal rather than a civil prosecution under the 2017 MLRs.  While this is the first time the FCA has taken the criminal route against a firm (as opposed to an individual), it has always been available to the regulator and the FCA's Enforcement Guide sets out clearly the criteria that will be applied when deciding which election to make. However, this recent action has led to speculation that the FCA is embarking on a slew of similarly criminal prosecutions.

The statistics do not necessarily bear out the conclusion that this is the path the regulator is pursuing. Figures from the FCA's Enforcement Annual Performance Report for 2019/20 show that out of 217 enforcement 'outcomes', 208 were civil or regulatory in nature, and 9 (4.2%) criminal.  The Report also shows that no criminal cases were closed in that period, and that the average length or criminal cases in the same 2018/19 period was 75.9 months in contrast with that for civil cases of 17.5 months.  Costs of prosecution were similarly greater.

While clearly the cost and sheer time involved in bringing a criminal prosecution, as well as the greater burden of proof incumbent on the prosecuting regulator, do militate against a steep uptick in such prosecutions by the FCA, this first foray against a bank should encourage firms to reexamine their policies and procedures.  At the very least, the FCA has shown that it is prepared and willing to engage its statutory powers to act as a prosecutor of offences that can be criminal.

LATEST THINKING
Insight
This article was written by Barri Mendelsohn and Greg Stonefield.

20 January 2022

Insight
This article was written by Mark Schaub and Atticus Zhao

08 November 2021

Publication
The growth of the digital economy has led governments around the world to seek to regulate cybersecurity and privacy of individuals. The digital economy has eroded national boundaries, accentuated possible risks to infrastructure and allows for personal information to be collected on a scale undreamt of and to be used in ways few understand. China's authorities tackled cybersecurity with the PRC Cybersecurity Law (Cybersecurity Law) which came into effect on 1 June 2017. This law also touched upon privacy concerns and marked that regulating of the digital economy and cyberspace was a serious objective. On 1 September 2021, China Data Security Law came effect. The focus of this law is the protection and security of critical data in relation to national security and the public interest. China's new Personal Information Protection Law (PIPL) which comes into effect on 1st November 2021 deals in a much more comprehensive manner with individual data. The Cybersecurity Law, the Data Security Law, PIPL and a plethora of other regulations need to be considered as a whole when international companies operate in or with China. However, as we explain in this article PIPL will likely cause much more concern for international businesses as 1) it is coming soon; 2) it applies much more broadly; 3) it establishes very legitimate rights for individuals vis a vis their personal data but such rights will need to be reflected in business processes; 4) the penalties have real teeth; and 5) one can expect very active enforcement due to a mix of motivated regulators and concerned individuals being empowered to take action. In this article we seek to provide an overview as to how PIPL will hold companies accountable and also what measures we believe need to be taken.

15 September 2021