First published on Thomson Reuters Regulatory Intelligence on the 24th of February 2017
In a recent survey of Non-Executive Directors and Company Secretaries conducted by Huntswood, 67% of respondents said they were concerned about the impacts of financial crime risk (FCR) on their organisations in 2017.
I would argue that it should be higher.
Every financial services firm is exposed to the risk of being used as a vehicle for financial crime, and decision makers in every firm – if financial crime is adjudged to be a product of poor risk management – will soon be held accountable for failings under the Senior Managers and Certification Regime (SM&CR – the regime has already been applied in banking, of course).
Rather than suggesting that the remaining 33% of boards are falling short in their appetite to manage financial crime risk, I believe the above statistic reveals that there are a number of boards who believe they already understand the risks and how they should be managed.
In a world where criminal methods are constantly changing, firms’ approaches should similarly be subject to regular refinement. They should be tailored to the nature of the business they do and the changing regulatory and market environment.
Individuals in our survey who rate their understanding as comprehensive are likely correct, however, when it comes to understanding financial crime risk, to stand still is to move backwards, and so board members should always have an appetite to gain a view of the landscape and understand more. This may involve getting closer to work designed to assess this landscape, for example, that of the compliance team, CRO and / or MLRO.
So what factors should the board be aware of in this space, and how can they reconcile all of the moving parts within their organisation (and the external legislative and regulatory factors) to maintain a clear view of financial crime risk they face?
Crucial areas for the board
Understand the role of culture in a changing regulatory environment
I notice that often, what’s written about culture tries to be a catchall for every possible scenario; an overarching definition of ‘good culture’ within firms. However, when it comes to financial crime risk, it’s fast becoming clear that because every organisation is unique, its culture must be individually tailored in order to manage the risks it faces.
Nonetheless, there are a few general principles which should be observed across all financial services organisations in order to foster cultural success. Business leaders must have the appetite to gain a comprehensive view of risk, continually improve outcomes and ensure a healthy culture by ‘living the values’ they wish their firm to operate by. This involves outward endorsement of the those values, ensuring that the right messages and knowledge are delivered to the front line.
Speaking specifically from a financial crime risk perspective, boards and non-executives should ensure their firms:
- Assess the risks they are exposed to based on the type of business they are doing, the markets they operate in and the structure of their business (for example, whether or not they distribute products through third parties). Firms can gain a view of the current state of performance by performing a financial crime risk assessment
- Ensure that the view of financial crime risk is ongoing, for example, endorsing periodic reviews of the risk framework as part of ongoing financial crime risk assessment
- Ensure that the organisation’s structure promotes “coordination and information sharing” (as per the FCA Handbook). The regulator says that “there is no one ‘right answer’” in this area, and again, the information shared should be tailored to the firm’s risk exposure
- Provide easy access to policies and regularly review employee competency, filling any gaps in understanding with appropriate training
Facilitate proportionate internal challenge
Where a firm’s values should be decided on by senior leaders and proliferate downwards to every level of the organisation, there also needs to be a platform for internal challenge and concerns to be escalated upwards in the business.
Proportionality is the key to success here. If the purpose of the platform to challenge is understood and used in the correct way, the board can be provided with valuable insight and the ability to address issues before they crystallise. Does the board:
- Have a robust and widely-known process for raising concerns over products and processes?
- Assess these concerns sufficiently in order to determine their legitimacy? How are legitimate concerns acted on?
- Seek to understand not just the management information they receive, but where it came from and whether it is conducive to their ongoing view of financial crime risk?
Constantly refine controls
The control environment is essential to the ongoing view of risk. Being too conservative with your approach may result in disproportionate business costs versus the actual level of risk you face; however not being stringent enough can clearly expose firms to financial crime events, regulatory censure and ultimately, customer detriment. There is a fine balance to managing this. Boards must:
- Ensure they have an understanding of the drivers of poor risk management within their firm and how to recognise these using the available information
- Endorse regular reviews of the control environment in order to ensure it continues to be effective (in an environment where risk is constantly changing, this is vital)
- Defined what suspicion looks like in their organisations – the whole business must understand what is seen as suspicious activity in order for suspicious activity reporting (SARs) to be proportionate
- Be confident that customer due diligence is robust and that customers are categorised relative to the risks they pose
As well as continually assessing their own internal approach, it will become ever more important for firms to engage in the sharing of financial crime-related information with their peers. This can allow firms to obtain much more comprehensive information on individual customers and allow their controls to be more effective. Market competition certainly doesn’t supersede the need to protect society from the ills of financial crime, and so I see this being key to financial services’ developing approach.
Insisting on the APPROPRIATE risk environment
Boards are of course faced with many regulatory, legislative, commercial and customer outcomes-related challenges across many areas of their business. However, no risk poses more threat to society than financial crime, and so this is where regulatory focus is most prevalent currently.
Board members – both executive and non-executive – are clearly embracing these challenges as they too recognise the severity of the risks, and this is borne out by the results of Huntswood’s survey.
By considering some of the points above, individuals and boards can obtain the best level of understanding about how financial crime manifests itself (or might manifest itself) within their firms, and this allows them to react proportionately using the risk-based approach to protect its own interests, those of the regulator, and most importantly, those of its customers.