As readers know, the FCA has given 20 banks until next week to come up with lists of all their customers who are linked to the Panamanian law firm of Mossack Fonseca. Some compliance officers, perhaps from outside the UK, might be wondering how extensive its powers are to demand such things, as it can only enforce adherence to rules (or vague principles, which are actually classified as rules also).

Compliance Matters asked Charlotte Hill, a partner and regulatory expert at the City law firm of Covington & Burling, about the FCA's powers to demand such action.

"In my view, if it sends a bank a letter telling it to do something, it is as good as issuing a rule. The FCA can issue a command and then link it to a rule anyway. Its people can demand entry to a financial institution's headquarters if they like. It has the power to demand answers to questions; it can demand documents. There is a prison sentence for lying to the FCA as well, which is found in various bits of the Financial Services and Markets Act. It's also to be found in bits of the enforcement handbook. The maximum length of the sentence depends what you're lying about. If it's market abuse, you might conceivably get seven years."

What the regulator frets about

The FCA tends to publish its annual money-laundering reports in May or June, a couple of months later than its business plans which always appear around Easter. Around about the time when the old Financial Services Authority was changing into the Prudential Regulation Authority and the Financial Conduct Authority, its report of 2014 showed that it was worried that firms were not taking its messages relating to AML systems and controls seriously enough and that not enough was being done to address the “significant weaknesses” it was identifying in its pronouncements. This is no longer the worry that it used to be. Charlotte Hill pointed to its current obsession.

"That's what the FCA said then, but now the issue that's coming up is financial technology. The FCA is trying desperately to keep up with events there, often unsuccessfully. Some of the firms that provide financial technology are not regulated; some, according to current rules, should not be regulated; the FCA wants to bring them all into the fold. Many firms have different ways of transferring payments.

"That's why the FCA has brought in Project Innovate, to help support innovative firms and have a policy involvement. A lot of products are not regulated and could be open to money-laundering. They are looking at payment systems of various sorts - Bitcoin comes to mind. The other day, a Bitcoin start-up called Circle obtained an electronic licence from the FCA. The main concern is that regulation is lagging behind innovation."

"Regulators don't do databases"

Not so long ago, the old FSA pretended to be "technologically neutral." Again, the main area in which this made itself evident was money-laundering, especially the systems by which firms conducted 'due diligence' on their customers and tracked their transactions. This was once done manually, with Lloyds Bank being the last to go over to automated systems. The FSA declared that it did not care how firms did these jobs as long as they did them well, while actually kicking up a fuss behind the scenes whenever it encountered a large firm that still relied on manual checkers. This was typical of the way in which that discredited regulator worked. Another reason why the UK's regulators washed their hands of involvement in IT was an inherent one: regulators the world over are incompetent at handling, evaluating and/or building databases. As John Cassara, the famous AML investigator and compliance expert, put it: "Regulators don't do databases." Nevertheless, Charlotte Hill explained that 'technological neutrality' is now a thing of the past.

"Technology has really taken off since the days of technological neutrality. Costa Coffee payment cards need not be regulated as they can only be spent at Costa Coffee, so they have a legal carve-out, but cards that allow people to pay at multiple outlets are in the FCA's sights. Many cards are classified as 'payment instruments.' The FCA is looking at the potential of these new instruments for financial crime. One good way to get to know about them is to become involved in their development, hence Project Innovate."

Other regulatory policies

Compliance Matters then asked Charlotte Hill about trends in the FCA's so-called thematic reviews. A 'theme,' in impenetrable FCA-speak, is part of a 'cluster.'

"One trend is whistleblowing. The FCA has seen an upward trend here. Parliament has placed special whistleblowing rules in the Senior Managers' Regime, which calls on each firm to have a so-called whistleblower's champion. In this country we don't offer whistleblowers payoffs in the way the Americans do. There was some debate about doing that at the time when the Government was coming up with the Senior Managers' Regime. Both the Government and the FCA hated the idea."

Charlotte Hill agreed that one of the best ways for a compliance officer to defend himself against the kind of legal action that now engulfs banks regularly is to keep records of every decision, especially every decision in which he asked for resources or for better conduct from his firm and was turned down. One might expect everyone in compliance to be following the golden rule of compliance - "if it isn't written down, it didn't happen." Sad to say, she thought that compliance officers were failing to observe this necessity of self-preservation.

"Compliance officers are sometimes terrible at keeping records. If you haven't written anything down about how you complained to the board, you are in trouble. Sometimes, of course, they are very good - especially money-laundering reporting officers. I've seen many instances where the MLRO complains and the board of the bank says "give us some more information about that and we'll see about it," which in compliance is better than you can normally expect. Private banks tend to be better about it than others because they've been more in the spotlight when it comes to money-laundering, with all the publicity surrounding politically exposed persons or PEPs who want to move money onshore."

* Charlotte Hill can be reached on +44 20 7067 2190 or at chill@cov.com