Financial crime is a key area of focus for the FCA and it has been one of their key priorities since 2015. The regulator’s latest AML Annual Report covers how the FCA supervises firms, the findings from their supervision work, and the subsequent policy developments.
A risk-based approach to AML supervision
The FCA’s supervisory approach is risk-based and proportionate, encompassing the following three methods:
- Pillar 1: Proactive AML supervision for high-risk firms, with random visits to lower-risk firms
- Pillar 2: Event-driven and reactive supervision of actual and emerging risks, in line with the FCA’s risk appetite
- Pillar 3: Thematic work that focuses on risks and issues across firms or sectors
AML supervision strategy
The AML supervision strategy includes the existing proactive programme covering AML, terrorist financing and sanctions. The supervisory programmes are:
- Systematic AML Programme (SAMLP): The SAMLP is a proactive tool that supervises 14 major UK retail and investment banks regularly. The SAMLP highlighted risks such as weak governance frameworks with insufficient oversight and weaknesses in systems and controls. However, the SAMLP also highlighted many encouraging findings, such as better senior management engagement and a positive culture in firms.
- Regular AML inspections of other high-risk firms: This involves a dynamic approach by moving firms in and out of the programme, depending on the level of risk. There were similar findings to the SAMLP, with the right tone from the top resulting in a positive AML culture and controls, however some firms were found to have weak risk assessments and inappropriate application of enhanced due diligence for high-risk customers (e.g. PEPs)
- Financial Crime Risk Assurance Programme: The aim of this is to assess firms outside existing programmes involving supervisory visits or desk-based reviews of low-risk businesses to give the FCA a better picture of the risks posed by different sectors and to provide assurance that their assessment of risk is correct. The FCA asserted that they would assess firms regardless of their size, location and business model to enhance learning and assurance across the sector
- Financial crime data return: At the end of 2016, firms (excluding those with revenue less than £5m unless they are deposit takers) were required to submit financial crime data. The data enhances the FCA’s AML supervision strategy, highlights emerging issues and can be used for both proactive trend analysis and intra-and cross-sector risks. These ‘PAMLP’ visits, informed by REP-CRIM, are typically 2-3 days
- Real Time Gross Settlement (RTGS): Payment service providers will be able to compete with banks with direct access to RTGS. The FCA will assess the AML systems and controls of all non-bank RTGS applicants
Findings and outcomes
Overall, most day-to-day AML activity was noted to be working within the industry, although some of the regulators key findings are that:
- Weak governance and under-resourcing is affecting the effectiveness of controls, such as transaction monitoring not being kept up-to-date
- Legacy systems are a challenge for firms (but it is acknowledged that improvements are being made)
- Smaller firms face challenges with understanding their obligations and ensuring a proportionate response
- Small firms have key individuals who have multiple roles and competing priorities
- There are backlogs of alerts, with potential suspicious activity and sanction breaches
In 2016/17, over 150 referrals, from a variety of sources including whistle-blowers, law enforcement agencies and other regulators, were considered with nearly 90 cases actioned. The FCA has also used powers under S.166 of the Financial Service and Markets Act (FSMA) 2000 to instruct firms to be independently assessed where remediation work is required.
- Office for Professional Body AML Supervision (OPBAS): The FCA will be responsible for monitoring the AML supervision carried out by professional bodies (e.g. the Institute of Chartered Accountants) to raise standards and ensure a consistent approach
- New technology and effectiveness: Steps are being taken to reduce the burden of compliance through innovative methods of streamlining AML activity
- De-risking: There has been a concern that banks are mitigating money laundering risks by denying customer access to the financial system, notably in correspondent banking. As such, firms have been encouraged to better communicate with customers when exiting or rejecting relationships.
- Improving the UK’s AML regime: The FCA proposed amendments to the Criminal Finances Act to increase information sharing and explore the centralisation of transaction monitoring to enable banks and law enforcement to better understand transactions and reduce Suspicious Activity Reports (SARs)
Working with partners at home and overseas
The FCA will continue to work alongside law enforcement and other partners, such as the Joint Money Laundering Intelligence Taskforce (JMLIT), and the Joint Financial Analysis Centre (JFAC) (a taskforce set up to analyse the Panama Papers leak), as well as the Financial Action Task Force (FATF) to forge robust international standards.
Regulatory next steps
The FCA has an aim to have OPBAS operating by the end of 2017 and they are working with the Treasury and other partners for FATF’s evaluation of the UK’s AML regime, which will take place in late 2017 to early 2018.
Considerations for firms
Although the money laundering regulatory landscape has not changed significantly over the last few years, the Government is looking at ways to improve the way the regulations are enforced to reduce bureaucratic barriers to growth and productivity within the sector, all firms should ensure they understand the change of regulation brings and review their compliance and readiness to the requirements.
Since the first REP CRIM submission in March this year, FCA will have begun to utilise the data from the new data return in benchmarking regulated firms across the same industry, firms may wish to consider an independent review of the current state of their AML framework to assess the level of its compliance and comparison to peers and regulatory expectations, and determine the next appropriate course of action to address any gaps in line with industry practice.
The FCA’s findings recognise regulated firms’ efforts to combat money laundering, but also draws out many developmental areas. Therefore, an independent assessment and testing of financial crime controls becomes a means to provide assurance to the Board and senior management about the control design and operating effectiveness of firms AML programmes.