As the sophistication of those seeking to exploit firms and consumers increases, so too have regulators’ expectations of the standards of firm’s financial crime controls. In the UK, the FCA’s commitment to short notice and unannounced visits in its November “Dear CEO” letter to wealth management and stockbroking firms is a demonstration of its “more assertive, intrusive, proactive and data driven” approach to supervision.
It is not just wealth managers in the firing line; we have also seen increased expectations of asset managers through supervisory interactions and communications. Firms are already grappling with a barrage of ongoing regulatory change, and the addition of heightened expectations in financial crime has resulted in many wondering how they can continue to meet these ever-increasing standards.
In this article, we highlight the key areas that asset and wealth managers should focus on to meet regulatory expectations and discuss our recommended approach to prepare for any short notice supervisory interactions.
Key FCA Financial Crime Expectations
Over the last ten years, regulators have aimed to provide greater guidance to the market, outlining their expectations and distinguishing between good and poor practices. Given this approach and the urgency suggested within recent communications, the FCA will expect firms to have thoroughly reviewed the information and benchmarked themselves against the key messages.
The “Dear CEO” letter is the latest communication from the FCA to reiterate the severity of financial crime failures, building upon previous messaging in Market Watch Articles 69 and 73. The graphic below gives an overview of the key regulatory expectations in financial crime.
How Should Firms Assess Their Current Framework and Controls?
Although the FCA’s expectations are evolving, firms can meet these core standards through a tried and tested approach. As a first step, firms should conduct a comprehensive Financial Crime Risk Assessment tailored to their business model – this should inform the effectiveness of their operating model and controls in managing the risk as well as driving any need for enhancements.
An effective review can focus on five key operating model pillars and the good practice standards for each:
- Governance: An assessment of the governance structure including the Board, committees and ad hoc forums / mechanisms for senior management’s ability to identify, escalate and take action proactively and promptly. Senior management should be able to clearly articulate through the organisational structure and framework how it takes responsibility for financial crime risks and establishes the right culture.
- People: Review the adequacy of the organisational structure across the three lines of defence. Firms should validate that there are sufficient dedicated resources, clear responsibilities as well as skilled and experienced staff to implement the firm’s systems and controls effectively.
- Process: Poorly documented processes can often lead to ineffective financial crime controls. The key to effectively utilising the systems, tools and data available is to have clearly articulated policies and procedures. These should cover key areas including onboarding, screening and transaction monitoring. To support this goal, firms should review whether policies and procedures include sufficient detail to enable staff to appropriately identify, assess and escalate suspicions or risks.
- Data: Understanding data requirements is an essential component of making effective decisions, and mitigating financial crime risk. Firms should review and use their business risks assessments to document the data needed to monitor the risks associated with their business. Assessing whether consistent data is used by all three lines of defence to deliver timely and actionable MI is important.
- Technology: Technology can relieve some of the burden of compliance through automating time-intensive processes such as surveillance and Customer Due Diligence (CDD). However, it is imperative that firms invest time in appropriately reviewing and calibrating solutions to test they operate in line with stated internal policies and procedures. Simple use of workflow, internal communications and visualisation tools can increase compliance and efficiency at a relatively low cost.
What can you expect from the FCA?
The FCA has been clear that its supervisory approach will target outlier firms identified through its data strategy. Although firms should expect unannounced visits from the FCA if there is evidence that financial crime obligations are not being met or poor customer outcomes are being achieved, there is also increasing engagement through peer-reviews and focused enquiries. The quality of firms’ regulatory reporting is likely to be an important hook that the regulator will use for identifying outliers.
We expect to see the FCA testing how firms have integrated financial crime controls and reporting with its implementation of Consumer Duty. We have already seen the new Consumer Duty Principle 12, which requires firms to deliver good outcomes for retail customers, used as an anchor to reviews across value assessments, ESG and other areas.
The FCA communications are a clear call to action and firms are expected to identify and correct deficiencies in their approach. Alpha recommends that firms take immediate steps to increase their preparedness and avoid being exposed to regulatory scrutiny:
- Undertake a gap analysis of the firm’s arrangements against all regulatory communications: Firms can expect supervisory engagements to focus on areas that the FCA has set out in public communications.
- Complete a business-wide risk assessment: A comprehensive financial crime risk assessment framework, methodology and output is essential and reflects a baseline expectation from regulators. Senior management must be able to evidence that it understands the risks the firm faces, has suitable systems and controls in place, and regularly monitors effectiveness.
- Review the financial crime operating model: Firms can quickly identify any weaknesses in their approach by reviewing current state arrangements against the five key components of the operating model described above.
How can Alpha help?
Alpha is currently supporting firms with business-wide financial crime risk assessments and reviewing their operating models. Our ex-supervisors have also helped a number of firms prepare for regulatory visits.
If you would like to discuss the best practices we see being implemented or how we may be able to support you, please get in touch here.