About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Fed’s Cease and Desist Order for RBS Highlights the Data Issues Underlying its AML and Risk Management Practices

Subscribe to our newsletter

The issuance of a joint consent cease and desist order by the US Federal Reserve Board and a number of other state regulators last week for Royal Bank of Scotland (RBS) Group’s New York, Illinois and Connecticut branches indicates some of the data issues underlying its risk management and anti-money laundering (AML) compliance functions. The ruling by the Fed, which asks RBS to improve the oversight of its US operations in these two key areas, follows an AML related £5.6 million fine issued in August last year by the UK Financial Services Authority (FSA).

As well as RBS Group, the Fed’s order applies to the US-based branches related to RBS’ Amsterdam operations in the Netherlands, which were acquired during RBS Group’s acquisition of ABN Amro in October 2007. In addition to the Fed, the New York State Banking Department, the State of Connecticut Department of Banking, and the State of Illinois Department of Financial and Professional Regulation are also issuing the order in their various jurisdictions.

Given the fact that in the space of a year, RBS has received two regulatory slaps on the wrist related to AML, it is likely to be under intense regulatory scrutiny on both sides of the pond to ensure these issues are adequately dealt with. The FSA’s £5.6 million fine last year highlighted customer data management failings that meant RBS did not have adequate data checks in place to conduct mandatory AML screening.

For its part, the wholesale business of RBS has been working on a customer data management system revamp, focused on rationalising the database it acquired from ABN Amro and merging this with the legal entity data on the central RBS system over the last couple of years. However, it seems that the customer data management systems surrounding this consolidated database may not be as robust as required under US AML legislation, especially on a global basis.

It is also interesting to note that although RBS has been working on improving the quality of the data underlying its risk function as part of its One Risk project (as elaborated upon by head of reference data Mark Davies last year), the firm cut around 4,000 jobs in the operations and technology services teams last year . Could this headcount cutting have had an adverse effect on the risk project overall? What about the entity data management angle? Certainly, the firm is likely to be focusing more attention on bolstering the data management systems underlying the risk and AML compliance functions further as a result of the US ruling.

In its ruling, the Fed notes that although “certain business lines” have been integrated on the ABN Amro front, there are outstanding issues, including in the “cross border payment processing” function. It is therefore the duty of the Fed and the other US state regulators to: “ensure that RBS Group maintains effective corporate governance and oversight over the US operations, including the establishment and maintenance of robust risk management and compliance programs on a consolidated basis,” as required by the Office of Foreign Asset Control (OFAC) regulations.

To this end, RBS has been compelled to submit a written plan to the Federal Reserve Bank of Boston within 60 days that will detail its proposals to “strengthen board and senior management oversight of the corporate governance, management, risk management, and operations of the US operations on an enterprise-wide and business line basis” and to elaborate on its plans to improve its suspicious activity reporting and customer due diligence programmes. It also notes that enhancement to management information systems and data checking procedures will be integral to this improvement programme.

On the customer data management side of things, the group will need to improve its audit trail related to transaction monitoring, customer risk assessment (and the related data checks), due diligence and data monitoring.

A review of all the policies, procedures and processes is therefore likely to compel investment in data infrastructure in order to support this enterprise-wide compliance and risk management push. The regulators also note the need for a review of any third party service providers that are supporting the group’s operations, so data management partners such as SmartCo, who was selected last year for centralised securities reference and price data management, may fall under the spotlight.

On the staffing side of things, the regulators indicate that RBS must evaluate the coverage it currently has to ensure the branches are “adequately staffed by qualified personnel with the ability, experience, and other qualifications necessary to ensure that the branches comply with applicable laws and regulations.” New hires are therefore likely to be made in the data, risk and compliance teams over the coming months.

Once the group has submitted its written plans and they have been approved by the various regulators, RBS will have 10 days to kick off its improvement programmes. In order to monitor whether it is keeping to the schedule, the firm will also need to submit written progress reports detailing all the actions that have been taken on a quarterly basis.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: In data we trust – How to ensure high quality data to power AI

Artificial intelligence is increasingly powering financial institutions’ processes and workflows, encompassing all parts of the enterprise from front-office to the back-office. As organisations seek to gain a competitive edge, they are trialling the technology in variety of ways to streamline and empower multiple use cases. Some are further than others along the path to achieving...

BLOG

Data Hurdles, Expertise Loss Hampering BCBS 239 Compliance

A combination of data management hurdles, talent shortages and poor succession planning are bedevilling banks as they struggle to respond to a long-standing risk data aggregation directive – even after repeated European Central Bank (ECB) criticism of their compliance shortfalls. The Basel Committee on Banking Supervision’s Principles for effective risk data aggregation and risk reporting...

EVENT

Data Management Summit London

Now in its 16th year, the Data Management Summit (DMS) in London brings together the European capital markets enterprise data management community, to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.

GUIDE

AI in Capital Markets: Practical Insight for a Transforming Industry – Free Handbook

AI is no longer on the horizon – it’s embedded in the infrastructure of modern capital markets. But separating real impact from inflated promises requires a grounded, practical understanding. The AI in Capital Markets Handbook 2025 provides exactly that. Designed for data-driven professionals across the trade life-cycle, compliance, infrastructure, and strategy, this handbook goes beyond...