The regulation of banks is a difficult and high-profile task. The banking industry is complex and plays a fundamental role in the UK’s economy. The financial crisis highlighted the importance of the UK having a regulatory regime that can maintain the health and stability of the banking sector. Banks provide payment and funding services that are central to the successful operation of the modern economy. Regulation therefore needs to ensure that the banking sector is healthy. This blog post will briefly outline the main developments in the UK’s regulatory approach in recent years, and will identify the key areas of concern facing the regulators.
The day has arrived on which a cyber attack has succeeded in breaching a bank’s security with the result that customers’ money has been taken from their accounts. According to press reports the accounts of around 40,000 customers of Tesco Bank have been accessed and the bank has refunded £2.5 million to 9,000 who have had money removed.
Banks’ IT systems are an obvious target for cybercriminals. The fact that such systems contain both money and data on customers makes them extremely tempting. As banks have developed new channels for delivery of services, such as websites, mobile applications and social media, these have often been added, or linked, to existing outdated systems. This increased complexity may mean that new avenues of attack are inadvertently created, and may make it difficult for a bank to rapidly pinpoint the source of system risks and breaches. The increased use of distributed computing, with multiple systems running across multiple servers, can also create new system risks and simultaneously increase the number of staff requiring access. While external threats are increasing, it appears that industry insiders remain responsible for a significant share of bank fraud. How the Tesco cyber attack was carried out remains unclear, but the scale and speed of the transfer of funds suggest a degree of sophistication.
By Prof Keith Stanton, Professor of Law (University of Bristol Law School).
It has not been a good few weeks for the banking industry. In America, Wells Fargo has been rocked by a scandal in which staff have been found to have fraudulently opened accounts for customers as a way of meeting sales targets. Deutsche Bank has teetered on the brink of disaster as a result of the size of the penalty it is facing in the US for mis-selling mortgage bonds. In Singapore, the Monetary Authority has penalised two banks for anti-money laundering failures and control lapses and has withdrawn the licence of a third bank for such failures. For once, the major UK-based banks have been out of the headlines. However, the Financial Conduct Authority has added to the picture by penalising the Bangladeshi Sonali Bank (UK) Ltd £3.11 million and Steven Smith, the bank’s Compliance Officer and Money Laundering Reporting Officer (MLRO), a further £17,900 for anti-money laundering (AML) failures. The bank was also prohibited from accepting deposits from new customers for a period of 168 days, and Smith was prohibited from performing a range of functions in the industry.
The Sonali Bank decisions are further examples of the FCA using its enforcement powers to send messages to the industry. It is part of the attempt to change the culture in banking and to reduce, if not eliminate, risk which might threaten the integrity of the banking system as a whole. It is widely accepted that money laundering poses a significant threat to the integrity of the financial system. As a result, firms are required to adopt rigorous controls aimed at minimising the risk of money laundering occurring. The facts of Sonali concerned these AML obligations. The case is a good example of the fact that the criminal offences which are commonly said to place banks under a stringent obligation to guard against money laundering are, in practice, of much less significance than regulatory action concerning failures taken by the FCA.