Post: Calibrating controls to build confident markets

Acting to fight crime
Black bin liners stuffed with £700,000.

An international deal for PPE kit.

A widow transferring money to her online love interest…

What do these cases all have in common? They all had links to financial crimes and should have raised suspicious activity reports.

In the first case, despite bulging black bin liners breaking from the weight of £700,000 in notes, nobody at a Walsall bank thought to raise a suspicious activity report.

That lack of action cost NatWest nearly 265 million pounds in fines for breaching anti-money laundering regulations and a criminal conviction.

In the second case, the alert was properly raised and the National Crime Agency arrested an individual suspected of setting up a UK company to run a fraudulent scheme profiteering from PPE shortages during the pandemic.

And in the final case, HSBC were able to uncover a romance scammer who had created a fake online dating profile and came perilously close to convincing a woman to transfer tens of thousands in savings to her bogus love interest to help with a supposedly temporary cash flow problem.

Financial crime is never a victimless crime. It not only costs corporations and consumers, but it also damages the integrity and reputation of our markets, and this undermines our international competitiveness.

That is why fighting financial crime has been a key focus of our strategy.

As an outcomes and data-led regulator, we are focusing on results. There has been an eight per cent reduction in the total amount lost through fraud in the last year – according to data from UK Finance.

Much has been done but there is still much more to do. We want to identify and prevent harm – and take action.

As part of this, we have clear expectations of firms. It is firms who are our first line of defence in the fight against crime.

They need to understand their risks and calibrate their controls appropriately and proportionately. Those checks carried out by firms can disrupt serious criminality and protect the public.

Taking early action can also save millions in fines down the line as well as the reputations of firms.

Fraud accounts for 40 per cent of all crime. Sometimes people mistakenly think that because banks can reimburse victims, no one really loses out. But we all do as the costs of covering these crimes are passed on to all customers.

Worse, financial crime, fraud and money laundering have even more sinister roots in human trafficking, terrorism and child exploitation.

Risky business
Not all risk is the same. As a lawyer, I know catering for extreme cases makes for bad law.

Likewise, tackling financial crime and imposing controls should not be about a rigid, inflexible system aimed at the worst-case scenario. It is not a compliance, tick box exercise.

To calibrate risk, you need to understand who your clients are, identify the sorts of transactions you would expect them to make and have systems in place to flag when there is suspicious activity.

We have published our report on sanctions where we identify good and bad practice.

In the run up to Russia’s invasion of Ukraine, we saw firms anticipating the geopolitical developments and formulating contingency plans, ready to spring into action should the worst happen. We were impressed with their preparedness.

But we also saw firms drag their feet, creating backlogs that they were unable to keep on top of. Equally, too many firms thought that an off-the-shelf tech solution would suffice.

You simply cannot outsource risk calibration to a third party and palm off all responsibility for keeping on top of it to external firms. Firms need to understand their risks – both high and low – and make sure they have a proportionate and risk-based approach to deal with them.

Testing firms’ sanctions controls
We are stepping up our testing of firms’ risk-based systems and, as a data-led regulator, are using data and tech to do so.

Our recent testing of firms’ compliance with sanctions was driven by data and tech. We asked firms to test their own controls against a sample data set, and then selected those for a visit who had not picked up what we were expecting. More effective use of artificial intelligence will bolster our toolkit in the future.

This is an example of us taking a risk-based approach – not a tick box approach, and we expect the same from firms.

When we did this testing, we found good practice and bad. Good firms knew their client base, knew who they were dealing with and calibrated their sanctions alerting systems to UK as well as international sanctions lists.

Bad firms didn’t – they left their screening to outsourced entities, didn’t understand the corporate structures for their corporate client base, and hadn’t calibrated monitoring to UK sanctions requirements.

So, in summary, those who carry out tick box compliance exercises should not be surprised to find a surprise visitor from the FCA on their doorstep.

Never be afraid to question if your firm has the right risk calibration – checking if it is proportionate – whether it is too high or too low. If you’re working in financial crime in the first line of defence, you should be able to see the golden thread between your activity and protecting the public from serious crime. 

We will increase our focus on whistleblowing in high-risk sectors and expect first line of defence employees to raise awareness of the process and benefits of whistleblowing for organisations and wider society. We will be testing how effectively these messages have been shared and will identify best practice across the industry.

Whistleblowing has allowed us to tackle problems including consumers being mis-sold loans, unauthorised firms taking on customers, and failings in firms’ own internal whistleblowing procedures.

There are some who perhaps want us to move directly from whistleblowing to immediate enforcement. For obvious reasons, this can be counterproductive. It can imperil the anonymity of the whistleblower; it can undermine the likelihood of us being able to bring the case to court and it can also spur the wrongdoers into covering their tracks and evading capture.

Just like our other work, moving from whistleblowing to enforcement must be evidence-led, with the outcomes in mind. The integrity not just of the firm but of our markets is at stake.

PEPs Review and future developments
Speaking of evidence, we are also working to support changes to faster payments, so that payments can be slowed down in cases of suspected fraud.

And through our Office of Professional Body Anti-Money Laundering Supervision (OPBAS), we are driving for more effective anti-money laundering supervision of lawyers and accountants to stop professional enablers of financial crime.

On September 5 2023 we unveiled our terms of reference for our review of the Politically Exposed Persons (PEPs) regime. Its aim is to maintain the UK’s high standards and clean markets while striking the right balance between being robust and proportionate when it comes to considering the risk of domestic PEPs.

Our guidance is based on the international anti-money laundering rules that were implemented through domestic legislation. We make clear that UK public figures should generally be treated as a lower risk than foreign PEPs.

Firms must be able to manage financial crime risks. But if PEPs rules are applied inappropriately, individuals and their families may find themselves excluded from products or services through no fault of their own. 

That is why we are engaging with PEPs, firms, and other stakeholders to understand whether we need to make improvements to how the regime applies in the UK.

Firms must calibrate for the right risk level. We are intelligence-led, and where we find that firms are persistently problematic in managing that risk level, we will take action.

Individuals can also raise concerns with their financial institutions and the Financial Services Ombudsman.

Outcomes are our bottom line
To run a successful firm, you need to be driven by the bottom line. To be a successful regulator, you also must be led by the data and focus on the results. And focus on outcomes.

That is why reducing financial crime is one of our key super-charged priorities this coming year. We have devoted resources to strengthen the focus on financial crime systems and controls when we authorise firms, we are using data testing and tools to identify firms where there may be weaknesses, have unleashed technology to detect and take down scam sites, and acted to fine and prosecute firms.

We are one of the most prolific enforcers globally of anti-money laundering rules, with more than one billion pounds issued in penalties since 2010. 

More than 8,500 misleading adverts have been removed by us in 2022, 14 times as many as the previous year.

We have carried out 352 proactive assessments of sanctions in the last financial year – nearly 4 times as many as the previous year. And we have used synthetic data sets to test the effectiveness of firms’ sanctions controls.

More than 610 financial crime supervision cases have been opened in the same time frame, an increase of more than 65% from the previous year. 

We know that we are always stronger when working together and, in the UK, we have successful public and private partnerships when it comes to fighting financial crime. 

That is why we are committed to continue sharing the results of our work – examples of good and bad practice – including sharing data on firms used for payment fraud which will be published in the Autumn. We are playing our part in supporting the UK’s public private economic crime plan, and in the UK’s first national fraud strategy. Through the Consumer Duty, which came into force in July, we are also focusing on achieving good outcomes for consumers – and we will look to see how firms are operating their financial crime systems with the Consumer Duty in mind.

Eradicating financial crime benefits not just consumers but all those involved in the investment sector. It ensures that investors can have confidence in the integrity of the market and those firms and individuals they entrust their pensions and investments to. 

But as an outcomes-focused regulator, we need firms to play their part. My message is clear – financial crime risks differ. Risk calibration is important. Technology has a great role to play – but do not outsource all responsibility to your third-party providers – understand your clients, their level of risk, and act proportionately.

It is up to all of us to be alert to the risk, taking action which is both robust and proportionate to protect our consumers, our firms and our clean markets. 
