Commerzbank’s FCA fine demonstrates danger of AML lapses

Written by Jake Plenderleith on Thursday July 16, 2020

The Financial Conduct Authority (FCA) fine of almost £38 million on Commerzbank AG’s London branch for anti money laundering (AML) failures[1] is a reminder that the most fundamental risk-based AML controls are still not being implemented in some financial services firms.

Failings at Commerzbank London were identified by the FCA in a ‘number of areas’. These included the failure of the bank to conduct periodic due diligence on its existing clients in a timely fashion, resulting in nearly 2,000 overdue due diligence checks on existing clients by March 2017.

In addition, the FCA highlighted ‘long-standing weaknesses’ in Commerzbank London’s automation tool for monitoring money laundering risk on client transactions. Incredibly, some 40 high-risk countries were found to be absent from the automation tool in 2015, and over a 1,000 individuals had not been added.

Finally, the appropriate policies and procedures were absent for customer due diligence checks on clients.

Such concerns were raised by the FCA with Commerzbank in 2012, 2015 and 2017.

AML warnings unheeded

Commenting on the fine, FCA Executive Director of Enforcement and Oversight Mark Steward said that Commerzbank’s oversights over an extended period had ‘created a significant risk that financial and other crime might be undetected’.

The size of the FCA enforcement (£37,805,400) is substantial, demonstrating not only the depth of the failures but also, crucially, that the opportunities to address them were squandered, with FCA warnings going unheeded.  

It’s also worth stressing that the FCA specifically referenced that the failures had continued despite FCA enforcement against other firms for not being up to standard, and the regular dissemination of FCA guidance, which clearly set out what was expected.

The case is illustrative for other reasons, too. The measures Commerzbank London failed to implement or even put in place were not new-fangled measures but basic AML controls that have been a requirement for some time. 

It’s also important to note that these were long-standing issues. Commerzbank had been warned by the FCA of its AML failures on three separate occasions over the last decade and did not act on them. That they were given the opportunity to rectify their errors and didn’t suggests deeper problems of responsibility, leadership, organisation and training.

Culture at any firm is important, with the tone-from-the-top establishing expected behaviours from all members of staff. Such a culture at Commerzbank undoubtedly would have prevented Commerzbank from not following FCA regulations, and it’s something that will need addressing if the firm is to avoid a repeat of a regulatory penalty. 

That Commerzbank agreed to resolve the matter with the FCA early is laudable, and resulted in a 30% reduction in the FCA penalty. The FCA also recognised that the bank had undergone a ‘significant’ remediation exercise to haul its AML controls up to the required standard, and further, that these remediations had been tested by a Skilled Person. 

AML: Lessons to be learnt

What can senior management and regulated firms learn from this case? There are a few crucial takeaways. The first is that the FCA are willing to engage with organisations that are not following its regulations. No matter the gravity of the situation a firm may find itself in, it stands to benefit from communication and cooperation with the FCA. Secondly, the FCA will provide opportunities for firms to make amends when they identify weaknesses. It is in a firm’s interest to respond to these within an appropriate window of time.

Thirdly, that fines of this scale are wholly avoidable, and would not have occurred had senior management at Commerzbank acted quickly on the FCA’s recommendations, or conducted internal checks to make sure its AML controls were up to scratch. Finally, that risk-based AML controls are not something that be implemented and then forgotten about: a continual cycle of evaluation and assessment should take place to ensure controls are effective and reflect the risk.

Had Commerzbank responded adequately to FCA concerns back in 2015, then the multimillion pound fine, and all its attendant consequences (reputation, for instance), would have been avoided.

[1] FCA, ‘FCA fines Commerzbank London £37,805,400 over anti-money laundering failures’, 17 June 2020: – accessed June 2020


Please leave a comment

You can leave the name empty should you wish to remain Anonymous.

You are replying to post:



Email *

Comment *

Search posts

View posts by Author