Bank fined £1m after outsourcing faults led to improper transfers

Also resulted in exposure to financial risk


The Prudential Regulatory Authority (PRA) has fined a bank more than £1 million after finding that faults with its outsourcing arrangements helped rogue employees at a third-party service provider to move money out of its bank accounts without its knowledge or consent, and put the bank's own financial health at risk.

Faults in due diligence, documentation of responsibilities and oversight under the outsourcing arrangement were identified by the regulator as it fined Raphael Bank £1,278,165.

The bank had failed to "outsource important operational functions … properly and with due regard to its responsibility to ensure there was no detrimental impact on its ability to meet its prudential regulatory obligations as a result of the outsourcing", and to manage the risks in that outsourcing, the PRA said in its enforcement notice (25-page/489KB PDF).

In addition, Raphael Bank did not have "adequate systems and controls in place" to help prevent the "improper transfers" taking place and detect the activity "in a timely manner", it said.

The failings were identified in a joint venture arrangement Raphael Bank participated in with another company in the same group in respect of the provision of ATMs. Raphael Bank's joint venture partner carried out some of the bank's activities, including overseeing certain payments and replenishing cash at ATMs.

The PRA criticised Raphael Bank for not carrying out "suitable due diligence adequately or at all in respect of its outsourcing" and for failing to have a written agreement from the outset of the joint venture confirming the arrangement. It said "the initial outsourced responsibilities" were also not documented at the time of the outsourcing.

When an agreement was put in place, 21 months after the outsourcing arrangements had gone operational, "it did not include any division of responsibilities and powers between [Raphael Bank] and [its joint venture partner and service provider] or specify appropriate arrangements for [its] oversight of the outsourced function", the PRA said.

The faults meant that some employees of Raphael Bank's joint venture partner, tasked with carrying out the outsourced functions, were able to "improperly" transfer money from Raphael Bank's accounts without the bank being aware of or permitting the activity, the PRA said. The employees took steps to "conceal their actions", it said.

The PRA said that the links between Raphael Bank and its service provider, together with the fact of the improper transfers, exposed the bank to potentially "severe" financial problems had its joint venture partner and service provider "become insolvent".

"The PRA considers that while an authorised firm may outsource important operational functions (for example, for reasons of efficiency or prudent financial management), it may properly do so only if it remains mindful of its regulatory obligations and gives due regard to the impact of the proposed outsourcing on its ability to meet, or continue to meet, such obligations," the PRA said.

"The PRA expects a prudently managed firm to carry out suitable due diligence on the counterparty to which it intends to outsource and to set appropriate parameters with regard to the division of responsibilities and powers, as well as adequate arrangements for the proper oversight of the outsourced function, all of which should be properly documented. Further, while a firm may outsource the practical aspects of the outsourced function, it may not outsource its regulatory responsibilities as they relate to the outsourced function," it said.

The PRA said that the improper transfers from Raphael Bank accounts had left the company exposed to its group to a greater extent than it had realised, and that this led the bank to file "incorrect regulatory returns".

"A firm's correct understanding of its capital position and accurate representation of this in its regulatory returns are of fundamental importance in ensuring the firm's safety and soundness," the PRA said. "Accurate disclosure of information by firms is crucial to the PRA's ability to supervise firms effectively and hence to the success of the regulatory system and, by extension, to the stability of the UK financial system."

Copyright © 2015, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

