On 21 May 2021, the Financial Conduct Authority (FCA) published a Dear CEO letter to UK retail banks to highlight recent common control failings identified by the regulator in anti-money laundering (AML) frameworks of these entities. The FCA identified the following common weaknesses and themes:
The FCA noted that it is seeing material governance deficiencies. Firms often do not adhere to a three-lines-of-defence model and often confuse the expected responsibilities of the first-line business roles and the second-line compliance roles. First-line employees often do not own, or do not fully own and understand, the financial crime risks faced by firms, inhibiting the ability to identify and mitigate potential suspicious activity. This also limits the ability of compliance personnel to independently monitor and test financial crime systems and controls.
The FCA observed that firms frequently place too much reliance on ready-made controls, frameworks, and products. The FCA expects UK-regulated firms using centralised systems for controls such as sanctions screening or transaction monitoring to ensure that UK-specific requirements are taken into consideration to effectively mitigate the risk exposure of the UK firm. Furthermore, firms must be able to document the effectiveness of those processes and be able to evidence that an adequate assessment has been performed specific to the UK business model.
Additionally, the FCA found that firms often lacked governance over senior management approval of high-risk scenarios as mandated by the UK Money Laundering Regulations. Firms are required to evidence decisions of financial crime-related escalations, customer approvals at onboarding, and periodic reviews. In addition, firms must evidence the first line of defence’s assessment and rationale for acceptance at onboarding and at periodic review of low-risk customer relationships.
The FCA observed that Customer Due Diligence (CDD) is often inadequate and noted that firms should implement controls relating to discrepancies in expected account activity and ensure that appropriate investigations are performed where there is a disparity. Firms must establish clear policies and procedures to fulfil CDD and Enhanced Due Diligence (EDD) requirements.
Further, the FCA identified deficiencies within the approach taken by firms in relation to EDD. For example, firms must be able to document the Source of Wealth and Source of Funds for Politically Exposed Persons (PEP) relationships. The FCA observed that the same documents are frequently used to satisfy the two requirements. Additionally, firms must undertake a risk-based approach when considering the level of due diligence required for PEP relationships. Firms are required to implement EDD measures for all high-risk situations and be able to clearly evidence what actions have been undertaken.
The FCA identified instances where group-led centralised transaction-monitoring solutions were implemented without adequate calibration to incorporate UK-specific requirements. The FCA expects firms to document the rationale for the rules and thresholds used by transaction-monitoring systems to take into consideration the specific business activities, products, and customers of the firm.
The FCA observed that there is a lack of understanding with regard to the technical setup of the transaction-monitoring system where firms have failed to undertake regular appropriate assessments of the data feeds and data integrity of the systems. Firms must also be able to document the investigative steps taken and the rationale for discounting alerts generated by the transaction-monitoring systems and provide evidence and reasonable explanations for the disposition of the alert.
Guidehouse can rapidly review and assess your financial crime framework to determine whether it is operationally effective and meets the new regulatory expectations. Guidehouse can identify financial crime framework gaps, advise on optimal solutions to weaknesses identified, and identify areas (e.g., products, services, clients, and relationships) that pose a higher degree of risk. Guidehouse has in-depth knowledge of the regulatory environment, both in the UK and globally, and financial institution processes. Guidehouse’s relevant expertise includes the following:
Guidehouse’s financial crime consultants work with financial institutions of all sizes to build effective and efficient risk management and compliance frameworks to help clients protect against legal, fiduciary, shareholder, and reputational risk. Guidehouse experts include distinguished former prosecutors, regulators, compliance officers, and consultants, who leverage their combined experience to help clients conquer their compliance challenges.