Global menu

Our global pages


New FOI request reveals further criminal probes into AML breaches

  • United Kingdom
  • Fraud and financial crime


Following the recent prosecution and sentence of NatWest Bank for breaches of the UK anti-money laundering (AML) regime at the end of last year, speculation has been growing about whether or not we should expect to see similar cases being brought by the regulator.

Our recent Freedom of Information Act request reveals that the FCA’s enforcement caseload for money laundering regulation breaches remains relatively limited. We take a look at the latest figures and discuss the associated risks for Firms and their Senior Managers. 


What are the UK Money Laundering Regulations (MLR)?

UK businesses in the regulated sector are required to comply with the MLR 2017. These are stringent rules about how to manage money laundering risk in customer relationships, which apply to financial and credit institutions, lawyers, tax advisors, casinos, estate agents, letting agents and art intermediaries.

The MLR impose complex and far-reaching obligations on firms to ensure the effective management of the risk of their services being used for money laundering. Breaches may be dealt with by civil penalty or criminal enforcement. Until the prosecution of Natwest Bank, the FCA had only ever used its civil powers to deal with breaches of the regulations.

In some ways, this isn’t surprising. The FCA’s preference for using its regulatory powers, rather than pursuing criminal enforcement, can be explained by the civil standard of proof being easier to satisfy than the criminal standard, and the fact that the regulatory investigative process tends to be quicker, cheaper and less of a drain on the FCA’s resources than criminal investigations. The potential saving of time and costs by pursuing the regulatory route has been a significant factor in FCA decision-making in the past about which powers to use in circumstances where the outcome of a successful investigation/prosecution of a regulated firm is likely to be the same, i.e. a financial penalty (and where such penalties tend to be larger when the regulator is using its regulatory powers). In a limited number of cases, as we noted here, the FCA has adopted a dual track approach, where it retains the ability to treat relevant breaches as incurring criminal or civil liability while the investigation progresses.

What are the regulated offences?

Separate to the MLR, but imposing additional regulated sector obligations, is the complementary regime under the Proceeds of Crime Act 2002 (POCA) which provides for the recovery and confiscation of proceeds of criminal activity and money laundering. It creates ‘regulated offences’ in the regulated sector for failing to disclose knowledge or suspicion of money laundering internally for individuals generally and to the National Crime Agency (NCA) for individuals appointed as firms’ nominated officers respectively (s.330/331), and for ‘tipping off’ (s.333A). The latter offence is committed if a person alerts an individual suspected of money laundering, or their close associate, that an investigation is either in progress or pending.

Who’s being prosecuted?

In the last six months, we have seen the first prosecution by the FCA of a British bank under the MLR, in a move which has sent a chill wind across the financial services sector and beyond. Until this case, there had been no criminal enforcement of MLR breaches. There has been much speculation about whether this case will be followed by a deluge of MLR prosecutions. But is this justified? What does the FCA’s current caseload look like?

Current investigations – breaches of MLRs

In the wake of the NatWest prosecution, we sought further information from the FCA to better understand the current enforcement landscape for potential breaches of the MLR. Responding to our Freedom of Information Act (FOI) request about its ongoing civil and criminal caseload in this area, we’ve learned that the FCA currently has:

  • 41 open investigations into potential AML failings;
  • One ongoing single track criminal case relating to breaches of the MLR or its predecessor, the Money Laundering Regulations 2007 (together, MLRs) relating to a firm;
  • Eight dual track investigations into breaches of the MLRs, six of which relate to firms; and
  • Three single track civil investigations into breaches of the MLRs, one of which relates to a firm.

These results bear comparison to the figures we received in response to an FOI request in August 2020, which we reported on here, the figures in the FCA’s most recent annual report published in July 20211 and the results of a further FOI request received in October 2021.

The annual report confirmed that the FCA had 54 open investigations relating to financial crime. When compared to the 88 cases that were open as at March 2019, it indicates that the FCA has been reducing its caseload where possible over the past few years, given the challenges it has faced during the COVID-19 pandemic, which accords with anecdotal evidence. Assuming that as at March 2022 54 financial crime cases remained open, 76% of these cases related to potential AML failings. However, only a small proportion of these relate to breaches of the MLRs.

In relation to single track criminal investigations, the FCA has confirmed that it has not discontinued any cases since 11 October 2021. This date marks the point at which NatWest pleaded guilty to three offences under the MLR. Given that this case concluded in December 2021, the above figures suggest that the FCA is pursuing another single track criminal case. 

In the period since October 2021, the FCA has doubled the number of dual track investigations into breaches of the MLRs and maintained the number of single track criminal cases. This might indicate a demonstrable effect of Mark Steward’s public commitment to “enliven the jurisdiction”. However, the figures also confirm, again, that the vast majority of the FCA’s open investigations are being conducted on a regulatory basis. This should also be viewed in the overall context of the FCA discontinuing five single track criminal investigations and four dual track investigations into breaches of the MLRs since July 2020.

Current investigations – breaches of POCA

In its response to our FOI request, the FCA confirmed that it has no live investigations relating to the ‘failures to report’ offences (s.330/331 POCA). It also confirmed that it has never launched a formal investigation into breaches of these sections. Whilst the FCA does not have the power to initiate investigations specifically in relation to the failure to report offences under s.330/331 POCA, and would only be able to investigate and consider prosecution of these offences if evidence of offences came to light as part of an investigation into other issues, such as breaches of MLRs, it’s still perhaps surprising that no MLRO has been investigated for failure to report suspicious activity. Given the FCA’s remit and the type of systems and controls failings it regularly identifies, it seems surprising that the failure to report offences have never once been the subject of a formal investigation associated with MLR breaches or otherwise.

Changes made in June 2021 to the CPS Money Laundering Office Legal Guidance for prosecutors, mean that prosecutors can now bring charges under s.330 POCA even if there is insufficient evidence to establish that money laundering was planned or had taken place. Whilst some have argued this may result in more ‘failure to report’ investigations, the fact is that prosecutions of MLROs are likely to remain the exception, as it’s expected that these offences will continue to be reserved for grave misconduct on the part of an MLRO, rather than negligence or incompetence.  

Similarly, prosecutions for the ‘tipping off’ offence are vanishingly rare, although it is unclear as to whether the FCA has yet considered this offence in the context of other investigations. However, the first prosecution for a least a decade has recently commenced and relates to allegations that an individual, a founding partner of a law firm in London, told a client that the Serious Fraud Office (SFO) was investigating him after the partner was served with a notice compelling him to produce documents pursuant to section 2 of the Criminal Justice Act 1987.


Caution should always be applied when drawing conclusions from small numbers, but it’s particularly interesting to note that in 5 months, the FCA has doubled the number of dual track investigations it has underway, and that it’s progressing an additional single track criminal case relating to breaches of the MLRs.

However, given the numbers of criminal discontinuances to date and the FCA’s preference for using its regulatory powers, there is nothing to suggest that these figures will turn into the deluge of criminal prosecutions that the market fears.

What the figures do highlight is the FCA’s continued focus on financial crime, and on AML failings in particular. Firms should be cautious of taking comfort from the fact that the FCA has yet to investigate any offences under s.330/331. It remains the case that the FCA will look to use its criminal powers where evidence points to egregious failings in the requirement to report. Given the FCA’s remit in supervising firms, and what feels like an increasing confidence in the criminal arena, it is probably a matter of time before we see an MLRO or employee fall foul of these provisions.

The news of a prosecution of a ‘tipping off’ offence should also serve as a reminder of the serious consequences individuals face if they tell clients about an ongoing investigation, or if they disclose to anyone that they have made a Suspicious Activity Report. Firms should ensure adequate procedures are in place to ensure the risks of disclosure are minimised, particularly in guiding employees as to how to deal with clients in respect of whom suspicions arise.

1. Enforcement data – Annual Report 2020/21 | FCA