Last month the FCA published an open letter to CEOs of payment service firms (PSFs) (FCA, 2020). As more consumers, firms and products enter this market, the FCA is concerned for consumers’ safety and has urged firms to ensure they are compliant with their regulatory obligations to prevent harm to their customers. One of the six key areas the FCA wants PSFs to focus on is on financial crime, as this is a key cross-sector priority for the regulator.
After reviewing 100 firms’ anti money laundering (AML) processes, the FCA concluded that firms are not effective in managing their financial crime risk. This finding is aligned with the findings from Baringa’s Top 10 Financial Crime Risks Report, which found that financial institutions are not effective at preventing the most prevalent financial crime risks that they are exposed to. According to the FCA, this is due to a lack of effective bank-wide AML and customer risk assessments in firms today. The FCA also cited inefficiencies regarding the monitoring of high-risk customers and agents.
The crux of effective financial crime risk management is risk awareness, and to be effective at preventing financial crime, firms must have a clear view on the specific risks they are exposed to. By understanding those risks, firms can put in place targeted and proportionate detective and preventative controls. Baringa’s research has demonstrated that there is currently a lack of correlation between the prevalence of a risk and how effectively it is being mitigated; too often institutions focus on putting generic financial crime control frameworks in place, instead of focusing on their most prevalent risks, which leads to ineffective controls and resource inefficiencies.
Understanding an organisation's inherent risks is crucial to establishing effective and proportionate financial crime controls. To do so, organisations should examine their customer base and product offerings to identify specific financial crime risks that they are exposed to.
This is an essential step in performing financial crime risk assessments, where the residual risk is determined by analysing both the organisation’s inherent risks and the effectiveness of controls at mitigating these risks. The main objective of a financial crime risk assessment is not to see a perfect picture but rather to have transparency on control deficiencies, or areas for improvement. Controls can then be reviewed and refined by taking a more bespoke approach to financial crime compliance, that ensures models and scenarios match the organisation’s risk profile and appetite.
Improving resource efficiency
The increased scrutiny by regulators often incentivises organisations to put in place stringent criteria for passing financial crime controls in order to demonstrate that they are meeting regulatory requirements. This leads to increasing compliance burdens as vast resources are needed to support financial crime controls. Too often organisations are having to deal with unsustainable alert backlogs with high volumes of false positives that result in operational bottlenecks and increased costs.
This is particularly significant for PSFs, as the 5AMLD has lower monetary thresholds for prepaid instruments that are subject to customer due diligence, and has extended the AML-obliged entities to both cryptocurrency and custodian wallets (EU European Parliament and Council, 2018). With the FCA stating very clearly that they will take actions against firms that fall short of their expectations, there is added pressure to improve financial crime compliance models without creating an unnecessary operational burden. To do so, firms must employ effective underlying risk models to keep customers and the financial system safe from abuse by criminals, whilst decreasing reliance on costly manual efforts to prevent and detect illicit behaviour.
In summary, the regulator wants to see firms taking the necessary steps to properly manage their financial crime risks. This is a great opportunity for firms to reflect on how much they truly understand the risks they are inherently exposed to and to leverage that knowledge to create stronger and more efficient controls.
Baringa’s Financial Crime team have an extensive experience of financial crime typology analysis, customer and product risk assessment methodologies and financial crime control reviews, as well as definition and implementation of financial crime operating models and governance. Please contact Christopher Nott for more information about the services we provide and how we can help your organisation.
EU European Parliament and Council. (2018). EUR-Lex - 32018L0843 - EN - EUR-Lex. https://eur-lex.europa.eu/eli/dir/2018/843/oj
FCA. (2020). Portfolio strategy letter for payment services firms and e-money issuers. https://www.fca.org.uk/publication/correspondence/payment-services-firms-e-money-issuers-portfolio-letter.pdf
About the author:
Margarida Ferreira is an Analyst in Baringa's Finance Risk and Compliance practice.