NEWS CAREERS

The perils of focusing on growth to the detriment of risk and compliance

Image of Alexandra Ruddy

Alexandra Ruddy

Director

2024 brought some fairly significant fines levied by regulators to the fore.  At Oben we advocate the review of financial sanctions and associated public statements issued by respective regulators as a gauge of your own firm’s “regulatory health”.  In this article I examine similarities between matters identified in these public statements, albeit from different regulators, in respect of three banks.

Whilst each of the three banks are different in market sector and business model, each share common failings which we see not only in the banking sector but also in other financial services sectors.  Given the current economic environment and indeed the conversations colleagues and I have been having with industry participants of late, it seems clear that taking the foot off the compliance pedal now would be a mistake and indeed a costly one.

So, who are the players in this sorry tale of regulatory failings?

TD Bank  (Toronto- Dominion) is an established “traditional” bank.  It is a Canadian bank arising from a merger of the Toronto Bank and the Dominion Bank in 1955.  It is now one of Canda’s top 5 banks.  However, the fine was levied at its US operation.  The bank was fined a total of $3 billion on 10 October 2024 for significant anti-money laundering (“AML”) failings and breaches of the Bank Secrecy Act. This was the largest fine ever levied and included $1.3 billion from the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and $1.8 billion from the U.S. Department of Justice. Further, the Office of the Comptroller of the Currency (a US bank regulator) also placed restrictions on business by implementing a $434bn asset cap as part of the penalty agreement (which also includes a limit on the bank’s business functions and total consolidated assets).  This level of fine and the reputational damage caused has generated significant media coverage and commentary.

Metro Bank is a challenger bank with a significant physical presence. The bank was established in 2010 in the wake of the 2008 financial crisis as a start-up, the first UK bank to launch in 105 years.  It received a fine of £16.7 million from the UK’s Financial Conduct Authority (FCA) on 12 November 2024, for substantial failings in relation to its transaction monitoring controls between June 2016 and December 2020.

Starling Bank is a UK bank, occasionally referred to as a digital challenger bank or neobank, providing current and business bank accounts in the UK. The FCA fined Starling Bank £28.9m for financial crime failings related to its financial sanctions screening. It also repeatedly breached a requirement not to open accounts for high-risk customers.

Whilst TD Bank’s fine is eye watering in size, the other fines are also substantial and reflect the seriousness of the regulatory failings identified.  Seemingly both TD Bank and Starling had engaged external consultants who had prepared reports identifying these systemic issues and yet senior management in both institutions had failed to act.

Further, it appears that all three banks focused on growth over sustainable business practices.  Rather than ensuring investment in systems and controls and elevating the importance of compliance and risk management they had each targeted aggressive growth tactics. Metro Bank quickly focused on rapid branch expansions and ambitious targets.  A bailout from investors was necessary in 2023 fuelling the view that its growth outpaced its operational controls.  The resulting fine in 2024 seems to support this conclusion.

TD Bank’s focus was on aggressive sales and growth strategies.  In 2021 a class action was launched by employees who claimed they were pressured into selling customers products and services they did not want or require, in order to drive up revenue, with the threat of job loss should they be unwilling to participate.

Starling Bank also faces scrutiny of growth strategy with reports stating that the bank prioritised rapid customer onboarding and scaling, seemingly at the expense of ensuring compliance with regulatory requirements and more so ensuring robust protection against financial crime. The FCA noted “Starling grew quickly, from approximately 43,000 customers in 2017 to 3.6 million in 2023. However, measures to tackle financial crime did not keep pace with its growth.”

What is abundantly clear is the narrative surrounding all three banks’ fines attributes failings to leadership and culture.  Metro Bank has been openly criticised for corporate governance lapses noting that management had been too focused on growth and business development to prioritise risk management.  We see this conflict at all levels when performing reviews.  Those businesses who are more successful, in our view, are those whose governance framework is robust, investing in a sound control framework, allowing the business to on-board those customers it can adequately manage. Finding the balance between risk tolerance, assessment and management whilst driving growth is difficult.

TD Bank’s growth strategy has been openly condemned.  A business’ best asset is its human resource.  Investment in controls is necessary but investment in people is paramount.  Ensuring that employees are skilled through learning and development and enabling an open environment that prioritises responsibility and accountability rather than a blame culture can help mitigate some of the issues we see called out in these three cases.

Starling Bank’s troubles arose following a visit by the FCA in 2021 (a review of financial crime controls at challenger banks).  The FCA identified serious concerns with the AML and sanctions framework in place at Starling. The bank agreed to a requirement imposed via the FCA restricting it from opening new accounts for high-risk customers until this improved. Starling failed to comply and opened over 54,000 accounts for 49,000 high-risk customers between September 2021 and November 2023. This highlights a growth strategy at the expense of compliance set from the top down.

Concerningly, in the case of Metro Bank the FCA noted “Junior staff did raise concerns about some transaction data not being monitored in 2017 and 2018, but these did not result in the issue being identified and fixed.” A culture whereby junior employees concerns are disregarded or potentially deemed insignificant in terms of board strategy has resulted in reputational damage and a hefty financial sanction.

In conclusion, all three cases highlight the delicate balance between innovation or growth and maintaining trust, compliance, and operational integrity.

Oben is well placed to assist your business with reviews of your governance framework, risk management and control framework.  We regularly undertake effectiveness reviews and regulatory health-checks.  Please contact me (alexandra.ruddy@oben.je ) or Nicola Ingram (nicola.ingram@oben.je) to discuss your business needs.