In November 2014, FCA published the results of two thematic reviews into how firms manage their financial crime risks, together with proposed guidance on financial crime systems and controls. The clear message from the papers, and the press release that accompanied them, is that FCA is losing patience. It found many practices that continue to show significant weakness, and accused firms of not using common sense or getting the basics right. In this article, we look at the reviews and guidance, and what firms should do to get financial crime prevention compliance right.
Firms should not be strangers to FCA's interest in financial crime controls. It and its predecessor had conducted various reviews over the past few years, including:
private banks' anti-money laundering (AML) systems and controls in 2007; implementation of a risk-based approach to AML in 2008; UK financial sanctions controls in 2009; bribery and corruption in insurance broking in 2010; small firms' financial crime review in 2010; bank management of high-risk money laundering situations in 2011; anti-bribery and corruption (ABC) systems and controls in investment banks in 2012; and banks' control of financial crime risks in trade finance in 2013. Many significant fines have either pre-empted or followed the reviews. There are now too many to list, but their common themes have been:
failure to conduct proper customer due diligence (CDD) and specifically failure to recognise when to conduct enhanced due diligence (EDD); over-reliance on head offices in other jurisdictions, instead of independent risk assessment; failure to understand the nature of intermediary or distributor relationships and therefore inability to properly assess bribery and corruption risks; and the only action taken under the Money Laundering Regulations 2007 (MLR) for failure to have in place adequate sanctions systems and controls. A further theme, common across the final notices, is that there is no need for FCA to find actual incidences of money laundering, sanctions breaches or bribery. Firms (and sometimes their Money Laundering Reporting Officers (MLROs) also) can suffer heavy fines when FCA considers their procedures, systems and controls would not have been good enough to detect a breach of the law.
THEMATIC REVIEW - AML AND SANCTIONS RISK MANAGEMENT IN SMALL BANKS
FCA carried out its review on how small banks manage money laundering and sanctions risks as an update to the 2011 review. It wanted to see how the sector had responded to the issues it had raised and how small banks' AML systems and controls had improved as a result of the review.
What did FCA look at?
The review covered 21 smaller banks, five of which had been part of the 2011 review. The 21 included seven wholesale banks, six retail banks and eight wealth management and private banks. The review addressed:
Governance, culture and management information
FCA found some improvement here.
It still found weaknesses in governance but on the whole saw improvements in senior management engagement on AML issues. It was disappointed it had taken many banks more than a year from the 2011 report to assess their systems and controls and found many reviews had in fact followed FCA taking enforcement action against similar firms....