| UK & Europe | Articles
The latest financial crime review from the FCA points towards significant shortcomings among challenger banks, with learnings for firms across payments and banking.
“The weaknesses we found create an environment for more significant risks of financial crime to occur both when customers are onboarded and throughout the customer journey.”
FCA, April 2022
The story told in this review is similar to that in almost every banking related sector subject to detailed financial crime supervision by the FCA – highlighting the need for firms to implement and embed effective controls that are tailored to the particular risk the firm faces, instead of treating them as a tick-box compliance exercise.
The FCA concludes that the risks posed by the challenger banks and their faster onboarding processes are not inherently different from more traditional banks. In fact the evidence of poor behaviour they set out is consistent with previous reviews of AML controls in other banking sectors, so these findings should not come as a major surprise to most firms. Many of the findings would not be out of place in a Section 166 requirements notice and indeed the FCA have indicated that several challenger banks will have received at least this level of intervention during this review.
While this review focused on a specific sector, firms offering similar products and services (e-money and payments firms) should review and consider the FCA findings as their products present very similar risk profiles to those of digital retail banks. Weak links in the payments eco-system will find that their businesses, however innovative, will be under significant regulatory (and subsequently cost model) pressure if they do not have effective, scalable financial crime controls, both in the initial design and reviewed regularly.
The FCA’s key findings
Scaling controls to growth
The FCA commented that firms should “continuously” make sure that their AML framework (resources, processes, and technology) remains commensurate to the growth in their business – requiring more scrutiny than an annual review by the MLRO. For firms in a high growth phase, monthly monitoring and reporting to Boards about effectiveness is increasingly expected, with those assessments backed up by effective management of financial crime change programmes by senior management.
Customer Risk Assessments (CRAs) – more detail and coherence required
A number of firms were found to have CRA frameworks that were not well developed and lacked sufficient detail, with some not even having a customer risk assessment in place.
How this framework sits within the overall financial crime risk assessment for the firm, the level of detail and usage of the Customer Due Diligence (CDD) information – specifically the nature and purpose of intent of the account – collected to drive robust transaction monitoring and therefore identification of suspicious activity, is a key driver of the effectiveness of the whole risk-based framework and should be one of the basic elements set in place.
Customer Due Diligence – occupation and income to be gathered and assessed
This information is required, and expected to be obtained to better assess the purpose and nature of an account opening. This information should also be utilised as part of ongoing due diligence, to develop an actionable intelligence picture at both an individual client or more macro level.
Monitoring and Suspicious Activity Reports (SARs) – alert handling, learnings and waiting for consent
The findings on managing transaction monitoring alerts mirror our observations with clients. As SARs are sent to the UK Financial Intelligence Unit of the National Crime Agency, it’s key that analysts record good reasons for discounting alerts. Often, these problems are caused by the sheer volume of alerts due to calibration and/or automated adjudication which is increasingly favoured by challenger banks.
The FCA also found occasions where firms were making payments after issuing a SAR to the NCA. This has obvious legal consequences and one of the key controls in place must be an effective freezing of account activity after a SAR has been filed and before consent has been received.
Following a SAR, firms should consider what that tells them about the quality of controls earlier in the customer lifecycle. If a firm is exiting a client for financial crime reasons, was there an opportunity to identify that reason at onboarding or another occasion? If so, why wasn’t it identified earlier? This can often help flush out opportunities to improve the effectiveness of controls.
Openness and proactive management pays dividends
The FCA found on several occasions that firms had not disclosed serious AML findings that had been discovered internally. FCA Principle 11 requires firms to disclose anything that the regulator would reasonably expect to know, including ineffective financial crime controls. We have seen numerous firms avoid regulatory intervention by detecting problems, being proactive and open with the regulator about those problems including a plan for fixing them and then executing on that plan effectively.
You can read the full FCA report here.
What should firms be doing right now?
Ask the tough questions about the effectiveness of your financial crime framework
It’s especially hard in successful startup and rapidly scaling businesses to hold up that harsh mirror, but the financial control framework is mission critical for firms as they are often in the front line of money laundering. Get it wrong and growth plans can be seriously affected.
Take urgent action where there are gaps
Whether it’s a business wide risk assessment that’s over a year old; a customer risk assessment that misses a new segment; or a backlog of monitoring/screening alerts, the time to address it is now, not in six month’s time.
Think beyond these findings
The target audience for this review is MLROs and professionals who will, of course, do a gap analysis against their businesses. But thinking more dynamically about how the whole anti-financial crime framework is designed and implemented across fraud, AML, CTF, sanctions, bribery and corruption, and market abuse to use data effectively will be the hallmark of success for top performing firms.
We can help
Our specialist fraud & financial crime team actively help firms manage their financial crime risks; conducting healthchecks, risk assessments, assisting with policies, governance and training; and supporting throughout regulatory visits and interventions.