The Financial Conduct Authority has fined Metro Bank £16.7 million over "failings" in data monitoring mechanisms designed to identify and prevent money laundering.
British regulations require financial institutions to keep a close eye on customers to identify criminal behaviour and maintain risk-based anti-money laundering (“AML”) control frameworks.
On June 6 2016, Metro deployed an Automated Transaction Monitoring System (ATMS) to monitor customer transactions. However, the FCA said there were "serious deficiencies" in relation to the set-up, operation and oversight of the ATMS, which were not identified and fixed within an "acceptable period of time".
The regulator said that Metro "failed to monitor" more than 60 million transactions with a value of more than £51 billion. That amounts to 6.0% of its total transaction volume and roughly 7.6% of its total transaction value.
These transactions were only reviewed "a number of years after the event" in 2022, resulting in Metro filing 153 suspicious activity reports, sending 43 notices to customers closing their accounts, and submitting 1,403 suspicious activity reports.
Data "failings"
The ATMS was fed with information from Metro’s Data Store (“DS”), a database that "contained a near real-time view of the data within Metro’s core banking records system".
Metro decided that the data feed to the ATMS should originate from the DS for a "number of reasons, including operational resilience", the FCA reported. This data included customer, account and transaction records.
However, almost three years after the ATMS went live, an issue called a
“Time Stamp Code Logic Error” was identified during routine testing, which meant that "a large number of transactions had not been fed into the ATMS for ongoing monitoring," the FCA alleged.
The issue was reportedly caused by an error in the data extraction methodology which loaded data from the bank's data store into its ATMS.
"Over an approximately three-year period from Metro’s implementation of the ATMS, the Time Stamp Code Logic Error impacted in the region of 166,000 accounts, meaning that over 46.5 million transactions related to those accounts with an associated value of over £31.5 billion had not been monitored," the FCA wrote.
READ MORE: Metro Bank wins a lifeline, but for how long?
A "tactical fix" to remedy the Time Stamp Code Logic Error was implemented on 21 July, whereupon at least 99.7% of Transaction Records were consistently fed into the ATMS.
Metro's "failure" to identify the error arose because it "did not check the completeness of data fed into the ATMS". Even its "ad hoc reconciliations" in course of 2020 were "inadequate in the absence of a formal procedure for checking the completness of the data", the FCA continued.
This erroer "significantly impacted" Metro’s ability to identify which customer, account and transaction records were sent to the ATMS and "consequently its ability to ensure that all of these records were monitored appropriately."
Metro also failed to put in place "adequate systems and controls" for managing an issue referred to internally as “Bad Data” - the name for any records rejected from the ATMS.
"The records which were rejected from the ATMS as Bad Data were placed into Bad Data folders," the FCA wrote. "However Metro failed to put into place a regular review process for the account and transaction records in the Bad Data folders, which were only intermittently reviewed as part of wider work to understand the Bad Data issues."
Daniel Frumkin, Chief Executive Officer of Metro Bank, said: “The conclusion of these enquiries draws a line under this legacy issue, allowing the bank to move forward and fully focus on the future, building on the solid foundations it has already laid."