The FCA recently published its findings on a review into the financial crime controls implemented by a sample of challenger banks covering the following areas:
- Governance and management information;
- Policies and procedures;
- Risk assessments;
- Identification of high risk / sanctioned individuals or entities;
- Due diligence and ongoing monitoring; and
- Communication, training and awareness.
Whilst the FCA has acknowledged that challenger banks have been effective in utilising data and technology to simplify the onboarding process for their customers, the findings have shown that greater focus must be placed on strengthening their financial crime control frameworks to ensure they are robust and fit for purpose.
The FCA has highlighted the following areas that require improvement:
- Customer risk assessment – Some challenger banks were found to have inadequate customer risk assessments that were ineffective in assessing the risk of entering into and continuing business relationships with their customers. In one instance, the challenger bank did not have a customer risk assessment at all which significantly impaired its ability to apply customer due diligence measures proportionately and effectively.
- Customer due diligence (“CDD”) and enhanced due diligence (“EDD”) – Although some challenger banks did comply with their CDD obligations to identify and verify their customers, they did not go beyond the basic identification and verification requirements to create a full picture of the customer’s risk profile. For example, most did not obtain income and occupation details in order to assess the nature and intended purpose of the customer relationship, nor were EDD procedures documented and applied consistently to higher risk customers. Similarly, one firm was found to rely on their transaction monitoring systems to identify higher risk customers rather than applying CDD measures at the onboarding stage.
- Financial crime change programmes – Weaknesses were identified in some challenger bank’s ability to manage, oversee and control financial crime change programmes resulting in control frameworks becoming misaligned to growing and evolving business models. It was identified that clear project plans are required to facilitate the enhancement of controls in a timely manner with appropriate governance arrangements and oversight by senior management throughout the project lifecycle.
- Ineffective transaction monitoring alert management – Inadequate handling of transaction monitoring alerts was identified as a common theme, including:
- Incomplete and undocumented investigations;
- Rationale lacking detail to justify discounting an alert as a false positive; and
- Inadequate resources to review alerts and submit Suspicious Activity Reports as soon as practicably possible in line with the requirements set out under the Proceeds of Crime Act 2002.
- Suspicious activity report (“SARs”) submissions – Concerns were raised as to the effectiveness of internal procedures when submitting SARs to the National Crime Agency (“NCA”). This is in part due to the substantial increase in the volume of low value SARs being submitted which were unlikely to result in law enforcement action. Additionally, many of the SARs failed properly to identify the basis of the suspicion. In some instances, customers were allowed to continue transacting before a response to a Defence Against Money Laundering report had been received from the NCA.
- Principle 11 Notification – Some challenger banks had failed to notify the FCA of known significant financial crime control failings in accordance with their obligations under Principle 11 of the FCA Handbook.
AML and anti-financial crime systems and controls remains a key area of focus for the FCA and its supervision and enforcement teams. These findings show that there is likely to be increased scrutiny of challenger banks and set out a baseline of the FCA's expectations for other financial services firms in this area. The FCA has made clear that it expects challenger banks to:
- Consider and actively engage with the findings of this review in order to enhance and update their financial crime control frameworks;
- Review and update customer risk assessments and enhanced due diligence measures to ensure they are robust and fit for purpose when assessing the risk associated with entering into and continuing a business relationship with a customer;
- Consider the themes set out in the FCA’s Dear CEO letter concerning the common control failings identified in retail banks;
- Review the Treasury’s National Risk Assessment 2020 (UK NRA) to ensure that money laundering and terrorist financing risks are considered as part of its risk assessment; and
- Refer to the Joint Money Laundering Steering Group guidance for practical guidance on how to apply anti-money laundering and counter terrorist financing measures.
If you’d like to discuss these issues or need assistance in reviewing or developing your AML or anti-financial crime controls, please get in touch with us.
Authored by Claire Lipworth, Matthew Handfield and Sasha Jones