BCL partner John Binns’s article ‘Failure and Fault: What NatWest’s £400m fine tells us about corporate liability for money laundering’ has been published by Reports Legal.
Here’s an extract from the article:
Corporates and crime: the context
On 7th October 2021 did one of the UK’s ‘big four’ banks, NatWest plc (‘NatWest’), plead guilty to a ‘failure to prevent’ money laundering? Some of the headlines certainly seem to suggest that it has, in the first prosecution by the Financial Conduct Authority (‘FCA’) under ‘new money laundering regulations’. And yet, for those who follow the glacial development of UK prosecutors’ attempts to change the basis for corporate entities’ liability for economic crimes, this would seem an incongruous result – hinting, perhaps, that the laws they seek are already on the statute book. So, are the offences to which the bank has pleaded guilty, either ‘new’, or fairly characterized as a ‘failure to prevent’?
The starting point (under Tesco v Nattrass  UK HL 1) is that banks, like other companies, can generally be guilty of offences in UK law only via their ‘directing minds’ – typically, someone at board level – at least, where the offence in question involves a ‘fault’ element, such as intention or recklessness. In the principal money laundering offences in the Proceeds of Crime Act 2002 (‘POCA’), that fault element is buried in the definition of ‘criminal property’, in that the person accused must either know or suspect that the money (or other property) they are dealing with represents the proceeds of crime, a low but subjective threshold. A set of ‘failure to disclose’ report offences applies to persons working in the ‘regulated sector’, such as at banks, and can be committed where they have ‘reasonable grounds for suspecting’ that another person such as their customer, is money laundering an objective test.
The obligations of the banks
These are not, however, the offences to which NatWest has pleaded guilty. Rather, it has confessed to breaches of the more prosaic, regulatory obligations under the 2007 iteration of the UK’s Money-Laundering Regulations (‘MLRs’), which transposed the third of the EU’s money laundering directives (‘MLDs’). The scheme of the EU-wide MLDs was and is to require regulated bodies to carry out customer due diligence (‘CDD’), both at the outset of the relationship (as reflected in Regulation 7 of the 2007 MLRs) and on an ongoing basis (Regulation 8), with those procedures sometimes required to be ‘enhanced’ (Regulation 14). The rationale of the MLDs was and is to detect, discourage, displace, and disrupt the misuse of financial and other institutions, protecting the integrity of the EU’s single market, by way of administrative obligations.
At the UK level, the MLRs made breaches of those obligations a criminal offence, for which regulated businesses – including companies – could be convicted and fined without an additional ‘fault’ element, although individual officers of a convicted company could also be guilty if the offence involved their ‘consent, connivance and neglect’ (Regulation 47)). But they also gave supervisors – in the banks’ case, the FCA – powers to deal with such breaches by way of civil procedures and penalties. The fact that these powers have previously been the default is the reason why we have only now seen the first prosecution under the MLRs.
Failure to prevent… what?
Importantly, neither a prosecution nor a regulatory intervention for breach of the MLRs requires any admission or proof that any underlying customer has committed a principal money laundering offence in POCA or, indeed, that anyone has ‘failed to disclose’ such an offence – even based on an inference from the way funds are handled, using the precedent of R v Anwoir  EWCA Crim 1354. In that respect, they are different from the corporate ‘failure to prevent’ offence in Section 7 of the Bribery Act 2010, which makes a company liable for bribes paid by an ‘associated person’, subject to a defence that it had ‘adequate procedures’ to prevent such activity.
The Section 7 offence has been the basis of several Deferred Prosecution Agreements (‘DPAs’) in recent years, in which companies have (in effect) made admissions to the Serious Fraud Office (‘SFO’) about the guilt of ‘associated persons’, as well as their own lack of ‘adequate procedures’, and accepted financial and other penalties as a result. The fact that the ‘associated persons’ are conspicuous by their absence, despite their guilt being an essential ingredient of the offence, has been a controversial aspect of the DPA scheme.
This article was published by Reports Legal on 12/10/21. You can read the full version on their website here.