The UK Financial Conduct Authority’s (FCA) review of challenger banks (the Review), conducted over 2021, found a number of significant areas for improvement in challenger banks’ financial crime controls. The review was conducted after the UK’s 2020 National Risk Assessment of money laundering and terrorist financing (NRA) identified that challenger banks were frequently targeted by criminals setting up money mule1 networks. The FCA published its key findings in the Challenger Bank Review Report (the Report).
This article summarises the key findings of the Review and recommends actions that senior financial crime officials, both at challenger banks and at other financial institutions, may want to consider in response to the Report.
Challenger Banks are a sub-sector of retail banks that aim to reduce the market concentration of traditional high street banks using technology and more up-to-date IT systems2. The FCA recognises challenger banks are an important part of the UK’s retail banking offering, but cautions against making a trade-off between quick and easy account opening and operating a robust financial crime control framework. Any rapid customer growth must happen in tandem with compliance with the UK Money Laundering Regulations.
The Review focused on challenger banks that were relatively new to the market and offered a quick and easy application and onboarding process. The FCA sampled six challenger retail banks, with a focus on digital banks. The banks reviewed had a total customer population of more than 8 million customers. The review excluded e-money issuers and payment services providers to allow for a better comparison with traditional retail banks that provide similar products. The financial crime controls tested included governance and management information; policies and procedures; risk assessments; customer due diligence (CDD) and enhanced due diligence (EDD); ongoing monitoring; and communication and training.
During its review, the FCA identified good financial crime risk management practices, for example, in the areas of effective and innovative use of data and information to mitigate risks, tailored and regularly updated financial crime policies and procedures, conducting basic due diligence, and use of technology to monitor for fraud. However, the FCA also identified some key weaknesses as set out below. Overall, the FCA concluded that the inherent financial crime risks for challenger banks are similar to those present at traditional retail banks. The FCA has requested challenger banks to review the findings in the Report and take the necessary remedial action.
Some challenger banks did not have a CRA in place, and others lacked a well-developed and detailed CRA framework. Without an effective CRA regime, challenger banks cannot duly assess the risk its customers present to its business and ensure due diligence and ongoing monitoring are proportionate to the risks identified.
The FCA found weaknesses in challenger banks’ CDD and EDD programmes. For example, lack of CDD procedures at the customer on-boarding stage, inconsistency in applying EDD, and reliance on transaction monitoring systems to identify higher risk customers instead of obtaining full customer information at onboarding, such as income and occupation details. As understanding or “knowing” ones’ customer is the backbone of a robust financial crime control framework, shortcomings in the CDD/EDD space will negatively impact the robustness of all other Anti-Money Laundering/Terrorism Financing and sanctions controls.
The FCA highlighted inadequate oversight and a lack of pace in implementing anti-financial crime frameworks as another key shortcoming. Deficiencies included lacking governance and oversight, such as insufficient involvement and oversight through senior management, CEOs and relevant committees, as well as inadequate project management to ensure timely completion of committed programme enhancements. These shortcomings are often further exacerbated by the rapid growth of operations and customer base of newly established challenger banks, which makes maintaining an adequate financial crime control framework a challenge at the best of times.
The Review also identified inadequate handling of transaction monitoring alerts, raising a number of issues, such as inconsistent and inadequate rationale for discounting alerts, a lack of basic information recorded in the investigation notes, lack of holistic reviews of the alerts and alerts not being reviewed in a timely manner due to inadequate resources. This impacted firms’ ability to make timely Suspicious Activity Reports (SARs), as required under the Proceeds of Crime Act 2002. In this context, the Report also noted that the quality of SARs requires improvement at a number of firms.
Finally, the Review noted instances where firms had failed to notify the FCA in line with their obligations under Principle 11 of the FCA’s Handbook regarding significant financial crime control failures.
The FCA expects challenger banks to take close notice of the findings of the Review. Heads of Compliance or Money Laundering ROs should take timely action and conduct a gap assessment of their existing financial crime programme against the key findings of the Report. It is important that they duly document their approach, outcomes and further actions, including a notification of the FCA under Principle 11. Where relevant, they need to develop an action plan for remediation of any identified gaps or shortcomings within a reasonable timeframe, if not already in place.
The Report should also serve as a reminder or checklist for senior compliance stakeholder at other regulated institutions. The key findings address financial crime control areas for which the FCA has regularly highlighted weaknesses, both through their regular communication such as the Dear CEO letters, and through enforcement action.
Guidehouse has experience supporting a broad spectrum of regulated clients, including challenger banks in the UK and globally. Guidehouse can help you independently assess your financial crime compliance programmes to identify and enhance operations, policies, procedures, controls, and technology as needed. Guidehouse is well-equipped to make an individualised assessment of your unique circumstances and offers innovative advice and solutions for responding to heightened regulatory requirements and challenges.