The settlement of a recent financial services regulatory enforcement action by the Central Bank of Ireland (CBI) highlights the interconnectedness of regulatory breaches. In brief, a failure of controls and policies can create a domino effect which triggers liabilities under the anti-money laundering/counter terrorist financing (AML/CTF) regime, client asset requirements and a finding that key frontline personnel are not fit and proper for their role.

The case concerned a firm authorised by the CBI as an alternative investment fund manager. A recent client (the real client) had placed funds for investment with the firm. A fraudster (the fake client) hacked into the real client's email account and impersonated the real client by sending redemption instructions to the firm. The firm's employee complied with the fake client's instructions notwithstanding a number of red flags – including that the redemption monies were directed to third party accounts, were in small batches (thereby evading UK banking controls) and were inconsistent with the Real Client's investor status. Furthermore, the fake client's instructions contained syntax errors that should have put the employee on inquiry that the real client could not have been the author. The real client lost his original investment but was reimbursed by the firm. The firm voluntarily reported the incident to the CBI, which began a regulatory investigation and reached an agreed settlement with the firm involving a substantial fine.

The CBI found that the firm had failed to implement its own AML/CTF policies, and had breached client asset requirements by (amongst other things) paying client assets to a third-party account. The CBI also found that the firm's AML/CTF training was inadequate and that the employee dealing with the matter was not a fit and proper person for the role. Accordingly, a single incident resulted in breaches across three discrete regulatory areas: AML/CTF, client asset protection, and the fitness and probity regime. This shows the domino effect of regulatory breaches. Or, as it was put more elegantly by Claudius in Shakespeare's Hamlet: 'When sorrows come, they come not single spies, but in battalions.'

Originally published by www.iflr.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.