The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Fed’s Cease and Desist Order for RBS Highlights the Data Issues Underlying its AML and Risk Management Practices

Share article

The issuance of a joint consent cease and desist order by the US Federal Reserve Board and a number of other state regulators last week for Royal Bank of Scotland (RBS) Group’s New York, Illinois and Connecticut branches indicates some of the data issues underlying its risk management and anti-money laundering (AML) compliance functions. The ruling by the Fed, which asks RBS to improve the oversight of its US operations in these two key areas, follows an AML related £5.6 million fine issued in August last year by the UK Financial Services Authority (FSA).

As well as RBS Group, the Fed’s order applies to the US-based branches related to RBS’ Amsterdam operations in the Netherlands, which were acquired during RBS Group’s acquisition of ABN Amro in October 2007. In addition to the Fed, the New York State Banking Department, the State of Connecticut Department of Banking, and the State of Illinois Department of Financial and Professional Regulation are also issuing the order in their various jurisdictions.

Given the fact that in the space of a year, RBS has received two regulatory slaps on the wrist related to AML, it is likely to be under intense regulatory scrutiny on both sides of the pond to ensure these issues are adequately dealt with. The FSA’s £5.6 million fine last year highlighted customer data management failings that meant RBS did not have adequate data checks in place to conduct mandatory AML screening.

For its part, the wholesale business of RBS has been working on a customer data management system revamp, focused on rationalising the database it acquired from ABN Amro and merging this with the legal entity data on the central RBS system over the last couple of years. However, it seems that the customer data management systems surrounding this consolidated database may not be as robust as required under US AML legislation, especially on a global basis.

It is also interesting to note that although RBS has been working on improving the quality of the data underlying its risk function as part of its One Risk project (as elaborated upon by head of reference data Mark Davies last year), the firm cut around 4,000 jobs in the operations and technology services teams last year . Could this headcount cutting have had an adverse effect on the risk project overall? What about the entity data management angle? Certainly, the firm is likely to be focusing more attention on bolstering the data management systems underlying the risk and AML compliance functions further as a result of the US ruling.

In its ruling, the Fed notes that although “certain business lines” have been integrated on the ABN Amro front, there are outstanding issues, including in the “cross border payment processing” function. It is therefore the duty of the Fed and the other US state regulators to: “ensure that RBS Group maintains effective corporate governance and oversight over the US operations, including the establishment and maintenance of robust risk management and compliance programs on a consolidated basis,” as required by the Office of Foreign Asset Control (OFAC) regulations.

To this end, RBS has been compelled to submit a written plan to the Federal Reserve Bank of Boston within 60 days that will detail its proposals to “strengthen board and senior management oversight of the corporate governance, management, risk management, and operations of the US operations on an enterprise-wide and business line basis” and to elaborate on its plans to improve its suspicious activity reporting and customer due diligence programmes. It also notes that enhancement to management information systems and data checking procedures will be integral to this improvement programme.

On the customer data management side of things, the group will need to improve its audit trail related to transaction monitoring, customer risk assessment (and the related data checks), due diligence and data monitoring.

A review of all the policies, procedures and processes is therefore likely to compel investment in data infrastructure in order to support this enterprise-wide compliance and risk management push. The regulators also note the need for a review of any third party service providers that are supporting the group’s operations, so data management partners such as SmartCo, who was selected last year for centralised securities reference and price data management, may fall under the spotlight.

On the staffing side of things, the regulators indicate that RBS must evaluate the coverage it currently has to ensure the branches are “adequately staffed by qualified personnel with the ability, experience, and other qualifications necessary to ensure that the branches comply with applicable laws and regulations.” New hires are therefore likely to be made in the data, risk and compliance teams over the coming months.

Once the group has submitted its written plans and they have been approved by the various regulators, RBS will have 10 days to kick off its improvement programmes. In order to monitor whether it is keeping to the schedule, the firm will also need to submit written progress reports detailing all the actions that have been taken on a quarterly basis.

Related content

WEBINAR

Upcoming Webinar: Entity identification and client lifecycle management – How financial institutions can drive $4 billion in cost savings

Date: 21 January 2021 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes A new model in Legal Entity Identifier (LEI) issuance has created significant opportunities for financial institutions to capitalise on their KYC and AML due diligence. By becoming Validation Agents and obtaining LEIs on behalf of their clients, financial institutions...

BLOG

RTSV Regulator Panel: Global Perspectives – The Outlook for Regulatory Compliance and RegTech in a Post-COVID World

Last week saw the launch of A-Team Group’s immensely successful RegTech Summit Virtual 2020, with five days of intense and exclusive live content across a myriad of platforms, panels, live chats, interviews and presentations. The event kicked off with a detailed debate on the post-pandemic outlook for regulatory compliance, hosted by Jo Ann Barefoot (CEO...

EVENT

TradingTech Summit London

The TradingTech Summit in London brings together European senior-level decision makers in trading technology, electronic execution and trading architecture to discuss how firms can use high performance technologies to optimise trading in the new regulatory environment.

GUIDE

RegTech Suppliers Guide 2020/2021

Welcome to the second edition of A-Team Group’s RegTech Suppliers Guide, an essential aid for financial institutions sourcing innovative solutions to improve their regulatory response, and a showcase for encumbent and new RegTech vendors with offerings designed to match market demand. Available free of charge and based on an industry-wide survey, the guide provides a...