The Financial Services Authority (FSA) has fined the Royal Bank of Scotland Group (RBSG) £5.6 million for failing to have adequate systems and controls in place to screen transactions under Money Laundering Regulations.

The Financial Services Authority (FSA) has fined the Royal Bank of Scotland Group (RBSG) £5.6 million for failing to have adequate systems and controls in place to screen transactions under Money Laundering Regulations.

Under Money Laundering Regulations, banks must have proper systems in place to screen customers and payments against the Treasury List. This is a list of individuals and entities that are subject to financial sanctions. The law requires firms to not provide funds or financial services to designated persons unless a licence is obtained from the Treasury.

However, during the period between 15 December 2007 and 31 December 2008, RBSG, which includes RBS, Natwest, Ulster Bank and Coutts & Company, was considered to be in breach of the regulations for a number of failings, including weaknesses in its screening software, which was implemented in 2006.

Although the group was unable to provide a breakdown of the volumes of payments and SWIFT messages that were not screened during this period, the FSA said that data for one day in July 2009 indicates that around 75 percent of all inbound and outbound messages would not have been screened in the relevant period.

In its decision notice, the FSA said it considered the banking group’s failings to be particularly serious because: “Unless they have in place robust systems and controls, UK financial institutions risk being used to facilitate transactions involving sanctions targets, including financing.

“Small amounts of funding could be sufficient to finance terrorist activities and hence the sanctions-related systems and controls implemented by firms need to be robust enough to capture such payments.”


The FSA found that after RBSG initially set up the screening systems, it failed to routinely review and monitor the ‘fuzzy matching ‘ capabilities in the screening software. This meant that the fuzzy matching parameters, which refers to the ability of screening software to identify names similar to those on the sanctions list, became out-of-date and therefore become significantly less effective at identifying potential matches.

Another weakness of the screening software, which was not discovered until external accountants hired by RBSG carried out a review in mid-2008, was its inability to screen or block payments where the beneficiary’s name was spread across more than one line in the SWIFT message. This meant that if a name was longer than the first line, it would not be effectively screened and in some instances the software would not pick up exact matches to the sanction list. The banking group did not implement a solution until June 2009.

According to the FSA decision notice, RBSG, through its RBS Group Security & Fraud division (GS&F), was aware of deficiencies of the screening systems during the relevant period, but did not act on these deficiencies “in a timely manner”. This contributed to systems failings remaining in existence for one year and not resolved earlier. Issues raised by the external accountants’ review were also not addressed for months afterwards.

These delays were not helped by the fact that the software provider, who was not named in the decision notice, would rate issues raised by GS&F at a lower priority level, and therefore did not always act in a timely manner to resolve any problems.

For example, at the end of 2008, a review by RBS Group Internal Audit found 13 outstanding issues, raised by GS&F with the screening software provider, with some issues not being addressed for more than six months. This was despite GS&F and the software provider meeting weekly to discuss issues and their priority for resolution.

Margaret Cole, FSA director of enforcement and financial crime, said: “By failing to screen relevant customers and payments against the HM Treasury sanctions list, RBSG left itself open to the risk that it was facilitating terrorist financing.

“The scale of the fine shows how seriously the FSA takes this issue and should act as a warning to other firms to ensure that they have adequate screening procedures.”

By agreeing to settle early in the FSA investigation, RBSG qualified for a 30 percent discount, and therefore avoided an original fine of £8 million. It has also made improvements to the screening software in order to comply with the regulations.

In April three major firms, including Credit Suisse, were fined a total of £4.2 million by the FSA for failing to provide “accurate and timely transaction reports” to the regulator.

Other banks have also been penalised by the FSA for systems and controls failures, including Nomura, UBS and Barclays.