• Ben Tutt, FinCrime Threat Intelligence Lead at BAE Systems Digital Intelligence


• 19.04.2022 10:15 am
#Money #laundering

NatWest was fined around £265m after pleading guilty to criminal charges. Prosecutors argued the bank had failed to adequately monitor a customer account for signs of money laundering. In fact, between 2012 and 2016 that customer was bringing roughly £1m per week in cash to deposit into its account. It seems obvious now that this couldn’t have been anything other than a brazen money laundering scheme.

So why was the customer allowed to get away with it for so long? And what can the industry learn about the case to ensure it doesn’t happen again?

The money trail

The customer in question was Fowler Oldfield, a Bradford-based jewellers founded in 1897 and which operated for many years as a legitimate business. However, in recent years it began to market itself as a “cash for gold” service. In reality, it had become something more akin to a criminal bank, enabling nefarious actors to bring in their dirty money and, for a 7% fee, have those funds laundered and come back as wages or clean-looking assets. The scales inside the Fowler Oldfield warehouse were used not for weighing gold, but to count cash.

The scale of the enterprise was staggering—in fact, it may be one of the largest money laundering operations ever discovered in the UK. After five years, the customer had deposited £365m in total with NatWest, £264million of it in cash. It’s possible Fowler Oldfield was connected to multiple criminal gangs and  acted as the front for an international controller network (ICN). These are large organised crime groups which specialise in laundering the proceeds of crime between international jurisdictions.

Getting away with it

There were many red flags that weren’t picked up by NatWest, despite the concerns of some staff. Most blatantly, Fowler Oldfield purported to be a cash-for-gold business, which means it would be taking gold from customers, paying them in cash, then selling the gold wholesale. In fact, it was doing almost the opposite—depositing huge amounts of cash ‘profits’ with the bank. Yet the disconnect between business profile and reality was not properly recognised and acted upon.

There are three main reasons Fowler Oldfield got away with its criminal operation for so long. First, although the business account was flagged by NatWest as “high risk” after being opened in 2011, it was downgraded to “low risk” two years later. Part of the reason was a change to its business activity on the bank’s systems, from “precious metals” to “wholesale of metals and metal ores”.

A second part of the problem was a failure by the bank to continuously monitor changes to the profile of its customer. There are many upfront onboarding checks customers must pass when they open a new account, which Fowler Oldfield did. But then it evolved into a different type of business which began making large cash deposits with the bank. One  big issue was failing to trigger an event-driven review (EDR) into why this change occurred and whether it was legitimate or not.

The third issue may well be the key factor: Fowler Oldfield’s relationship manager at NatWest, who has since been dismissed by the bank and arrested by police. Between November 2013 and March 2016 this individual declined to submit any suspicious reports internally, despite there being 11 internal money laundering suspicious alerts (IMLSRs) from concerned colleagues and branch managers. This individual oversaw all transactions and convinced colleagues that any unusual transactions were not suspicious which led to no suspicious activity reports (SARs) being filed

What can we learn?

It’s clear that, to an extent, the system was working. After all, NatWest employees flagged multiple alerts about Fowler Oldfield over the years. But in a much broader sense it failed. The relationship manager had far too much power, and that’s something that banks need to ensure they put a check on going forward. It also failed to take account of its customer’s changing business profile and behaviour over time. An EDR should have been triggered automatically when the firm started making large cash deposits. A policy to conduct periodic reviews was ignored, and many banking staff didn’t raise the alarm when they saw large bags of cash coming in.

Ultimately, compliance teams are only as strong as their weakest link, which in this case was the relationship manager. Yet there’s a bigger picture. There appears to be a willingness to look the other way because the client was profitable. The banking industry must be more objective in its approach. Scrutiny should be rigorous no matter how much a customer business is making. If the National Crime Agency (NCA) hadn’t taken an interest in the case, Fowler Oldfield may still be laundering huge sums of criminal cash to this day.

Part of the answer may lie with technology. At present, three-quarters (75%) of financial crime professionals are unable to test the effectiveness of their anti-money laundering (AML) detection systems against real-world criminal behaviours. This is a major gap in capabilities, which can be filled by services designed to accurately simulate criminal and victim behaviour. By testing and quantifying the performance of AML detection systems, critical improvements can be made.

Despite global banks spending $12bn each year on financial crime compliance, only 1-2% of suspicious activity they identify is likely to be of immediate value to law enforcement agencies. Moreover banks are drowning in false positives that could be reduced if they had a clearer idea of what they were looking for. It’s clear things need to change. And hopefully the Fowler Oldfield case will be a spur to improvements which help to prevent anything like this happening again.