By Priya Giuliani, Alexandra Will, Galajo Bah
The UK Financial Conduct Authority’s (FCA) review of challenger banks (the Review1), conducted over 2021, found a number of significant areas for improvement in challenger banks’ financial crime controls. The review was conducted after the UK’s 2020 National Risk Assessment of money laundering and terrorist financing (NRA2) identified that challenger banks were frequently targeted by criminals setting up money mule3 networks. The FCA published its key findings in the Challenger Bank Review Report (the Report).
This article summarises the key findings of the Review and recommends actions that senior financial crime officials, both at challenger banks and at other financial institutions, may want to consider in response to the Report.
Challenger Banks are a sub-sector of retail banks that aim to reduce the market concentration of traditional high street banks using technology and more up-to-date IT systems4. The FCA recognises challenger banks are an important part of the UK’s retail banking offering, but cautions against making a trade-off between quick and easy account opening and operating a robust financial crime control framework. Any rapid customer growth must happen in tandem with compliance with the UK Money Laundering Regulations5.
The Review focused on challenger banks that were relatively new to the market and offered a quick and easy application and onboarding process. The FCA sampled six challenger retail banks, with a focus on digital banks. The banks reviewed had a total customer population of more than 8 million customers. The review excluded e-money issuers and payment services providers to allow for a better comparison with traditional retail banks that provide similar products. The financial crime controls tested included governance and management information; policies and procedures; risk assessments; customer due diligence (CDD) and enhanced due diligence (EDD); ongoing monitoring; and communication and training.
During its review, the FCA identified good financial crime risk management practices, for example, in the areas of effective and innovative use of data and information to mitigate risks, tailored and regularly updated financial crime policies and procedures, conducting basic due diligence, and use of technology to monitor for fraud. However, the FCA also identified some key weaknesses as set out below. Overall, the FCA concluded that the inherent financial crime risks for challenger banks are similar to those present at traditional retail banks. The FCA has requested challenger banks to review the findings in the Report and take the necessary remedial action.
Customer risk assessment (CRA)
Some challenger banks did not have a CRA in place, and others lacked a well-developed and detailed CRA framework. Without an effective CRA regime, challenger banks cannot duly assess the risk its customers present to its business and ensure due diligence and ongoing monitoring are proportionate to the risks identified.
CDD and EDD
The FCA found weaknesses in challenger banks’ CDD and EDD programmes. For example, lack of CDD procedures at the customer on-boarding stage, inconsistency in applying EDD, and reliance on transaction monitoring systems to identify higher risk customers instead of obtaining full customer information at onboarding, such as income and occupation details. As understanding or “knowing” ones’ customer is the backbone of a robust financial crime control framework, shortcomings in the CDD/EDD space will negatively impact the robustness of all other Anti-Money Laundering/Terrorism Financing and sanctions controls.
Financial crime change programmes
The FCA highlighted inadequate oversight and a lack of pace in implementing anti-financial crime frameworks as another key shortcoming. Deficiencies included lacking governance and oversight, such as insufficient involvement and oversight through senior management, CEOs and relevant committees, as well as inadequate project management to ensure timely completion of committed programme enhancements. These shortcomings are often further exacerbated by the rapid growth of operations and customer base of newly established challenger banks, which makes maintaining an adequate financial crime control framework a challenge at the best of times.
Ineffective transaction monitoring alert management and SAR filings
The Review also identified inadequate handling of transaction monitoring alerts, raising a number of issues, such as inconsistent and inadequate rationale for discounting alerts, a lack of basic information recorded in the investigation notes, lack of holistic reviews of the alerts and alerts not being reviewed in a timely manner due to inadequate resources. This impacted firms’ ability to make timely Suspicious Activity Reports (SARs), as required under the Proceeds of Crime Act 2002. In this context, the Report also noted that the quality of SARs requires improvement at a number of firms.
Principle 11 Notification
Finally, the Review noted instances where firms had failed to notify the FCA in line with their obligations under Principle 11 of the FCA’s Handbook regarding significant financial crime control failures.
The FCA expects challenger banks to take close notice of the findings of the Review. Heads of Compliance or Money Laundering ROs should take timely action and conduct a gap assessment of their existing financial crime programme against the key findings of the Report. It is important that they duly document their approach, outcomes and further actions, including a notification of the FCA under Principle 11. Where relevant, they need to develop an action plan for remediation of any identified gaps or shortcomings within a reasonable timeframe, if not already in place.
The Report should also serve as a reminder or checklist for senior compliance stakeholder at other regulated institutions. The key findings address financial crime control areas for which the FCA has regularly highlighted weaknesses, both through their regular communication such as the Dear CEO letters, and through enforcement action.
Guidehouse has experience supporting a broad spectrum of regulated clients, including challenger banks in the UK and globally. Guidehouse can help you independently assess your financial crime compliance programmes to identify and enhance operations, policies, procedures, controls, and technology as needed. Guidehouse is well-equipped to make an individualised assessment of your unique circumstances and offers innovative advice and solutions for responding to heightened regulatory requirements and challenges.
3 Money mules are people who, often without knowing it, have been recruited as money laundering intermediaries for criminals and criminal organisations. The money mules transfer stolen funds between accounts, often in different countries, on behalf of others.
4 As defined by the NRA.
Complexity demands a trusted guide with the unique expertise and cross-sector versatility to deliver unwavering success. We work with organizations across regulated commercial and public sectors to catalyze transformation and pioneer new directions for the future.