FINMA has conducted investigations at several banks since 2015 in relation to suspected corruption involving FIFA, Petrobras and PDVSA. The objective of these inquiries was to establish whether clients of Swiss banks were involved and whether the banks had complied with regulatory provisions, particularly as regards combating money laundering. FINMA commissioned an investigation to establish the relevant facts at Credit Suisse AG. The investigation covered the period from 2006 to 2016. FINMA launched one integrated enforcement procedure in February 2017 due to the commonalities among the three cases. In September 2018, FINMA concluded this integrated enforcement procedure as well as another procedure involving a PEP business relationship (see below).
Deficiencies in compliance with due diligence obligations relating to FIFA, Petrobras and PDVSA
FINMA determined through its enforcement procedure that Credit Suisse AG had infringed its anti-money laundering supervisory obligations in all three instances. The established shortcomings are as follows:
- Identifying the client
- Determining the beneficial owner
- Categorising a business relationship as posing an increased risk
- Performing the necessary clarifications upon increased risk plus associated plausibility checks
The identified shortcomings occurred repeatedly over a number of years, mainly before 2014. An above-average number of faults were discovered in business relationships opened by the former Group subsidiary Clariden Leu AG. The reviews of the bank’s conduct in the FIFA, Petrobras and PDVSA affairs were conducted independently of each other but show similar results.
No automated comprehensive overview of client relationships
To combat money laundering effectively, every relevant department within the bank must be able to see all the client’s relationships with the bank instantly and automatically. Credit Suisse AG has been in the process of implementing such a “single client view” since 2015. Progress has been made, however this overview is still to be extended outside the Compliance unit. This results in organisational weaknesses in addition to the contraventions of anti-money laundering provisions.
Deficiencies in the management of a significant PEP client relationship
The second procedure relates to the management of a significant business relationship for the bank with a politically exposed person (PEP). FINMA initiated enforcement proceedings in 2016 and appointed an investigator to establish the facts. FINMA again identified shortcomings in compliance with anti-money laundering due diligence obligations.
The bank was too slow to identify and treat the PEP client as posing increased risks. Moreover, the due diligence and corresponding documentation relating to the business relationship were incomplete. The bank failed to meet its heightened due diligence obligations regarding investigation, plausibility checks and documentation regarding the client and certain related high-risk transactions.
Lack of control of a successful client relationship manager
The PEP business relationship case also reveals weaknesses in the bank’s organisation and risk management. FINMA established that the bank had failed to adequately record, contain and monitor the risks arising over a number of years from the PEP business relationship and the responsible (and since criminally convicted) client relationship manager.
The relationship manager in question – who was very successful in terms of assets under management – breached the bank’s compliance regulations repeatedly and on record over a number of years. However, instead of disciplining the client manager promptly and proportionately, the bank rewarded him with high payments and positive employee assessments. The supervision of the relationship manager was inadequate due to this special status.
FINMA accordingly identified both organisational deficiencies (in terms of allocation of responsibilities, supervision and control) and a lack of effective corrective intervention. Given the significance of the PEP business relationship and the associated risks, the bank’s risk management was not appropriate in this instance.
Measures to strengthen anti-money laundering compliance
The bank has addressed the situation in-house and adopted several measures since the end of 2015 to strengthen its compliance in general and, in particular, to combat money laundering. It also cooperated with FINMA during the procedure. FINMA acknowledges the improvements, some substantial. However, it has also decreed additional measures to complement the bank’s actions and restore full compliance with the law. These measures are designed to further improve the bank’s governance, organisation and risk management in the wealth management business.
Credit Suisse AG must remediate the relevant control systems and processes, and so prove that higher-risk business relationships and transactions are adequately detected, categorised, monitored and documented.
In addition, the bank must have implemented the “single client view” for all relationships and for all relevant functions by the end of 2019.
FINMA will appoint an independent third party to review the implementation of these measures, including the measures initiated since 2015, their adequacy and effectiveness.