14 Mar Does your Firm Need a Financial Crime Gap Analysis conducted together with Training
On 5 March 2024 the Financial Conduct Authority (FCA) issued a Dear CEO letter regarding systems and controls relating to financial crime deterrence. These formal letters require all relevant firms to take notice and to act to improve their systems of control. This letter followed the assessments that they have recently been conducting.
They explicitly state that
“The fight against financial crime is a significant focus for both the Financial Conduct Authority (FCA) and the UK. It is important that firms have appropriate policies, controls and procedures in place to reduce and prevent money laundering, terrorist financing and proliferation financing.”
Consequently all firms now need to take action to ensure that the expectations of the regulator are met.
The FCA “observed common weaknesses in the following critical areas:
• Business Model – discrepancies between firms’ registered and actual activities, and lack of Financial Crime controls to keep pace with business growth
• Risk Assessment – weaknesses in Business Wide Risk Assessments and Customer Risk Assessments
• Due Diligence, Ongoing Monitoring and Policies and Procedures – lack of detail in policies creating ambiguity around actions staff should take to comply with their obligations under the MLRs
• Governance, Management Information and Training – lack of resources for Financial Crime, inadequate Financial Crime training and absence of a clear audit trail for Financial Crime related decision-making”
They expect all firms to complete a gap analysis, conducted by someone with adequate seniority, against each of the common weaknesses by 5 September 2024, with an action plan being developed to address any identified weaknesses. The FCA will be interested in this plan, together with the gap analysis when conducting future assessments.
Specific Matters Identified as Weaknesses included the following:
Business Model
The key concern was that financial crime controls were not keeping up with business growth, putting the firm at risk. As firms grow it is important that they appreciate the risk that any relationship poses to the firm and take appropriate action.
It is hard to maintain sufficient adequately qualified staff in any firm and again this was raised by the FCA. The adequacy of compliance teams, their training and back up all need to be taken into account.
This will include conducting a review into the framework, policies and procedures that the firm uses to deter financial crime. We have seen cases where these have become stale and as expectations as well as channels for doing business change, these need to be kept under constant review.
Business Wide Risk Assessment
This has been a requirement for many years, yet is often not properly conducted instead seeking to rely upon work conducted within control and risk self-assessment. With regret this is not sufficient.
The assessment needs to be conducted for the entire organisation and this also needs to be properly documented. It is not just another regulatory requirement – this is important for firms to enable them to better appreciate the financial crime landscape and how it impacts their organisation. The Board as the governing grouping need to take a direct interest in these matters to ensure that the brand and extended organisation are adequately protected.
These assessment4s need to be properly planned and documents aligned to the nature of the changing financial crime risks that an organisation faces, taking account of the new and merging communication channels.
Customer Risk Assessments
We have long known how important it is to properly assess a customer to appreciate the risk they pose to the organisation. That the FCA felt that they had to highlight this again is a matter for concern. Firms need to appreciate how to designate or risk assess customers based upon the level of financial crime risk that they pose to the organisation, with commensurate controls following appropriately. This is an essential part of the operation of the risk-based approach which all firms adopt, yet often is inadequately documented or justified in its application.
Customer Due Diligence (CDD)
The FCA have concerns that the policies that firms are using lack sufficient detail. Firms often claim that the policies need to be high level due to the diverse nature of their clients. The FCA are making it clear that general guidance is not sufficient and will need to become more granular.
On going monitoring policies were also highlighted as a concern, with there again being a lack of depth to the documentation. As technique for monitoring change, firms do need to ensure that these are adequately reflected in the policy and procedural documentation. They also need to ensure that thy are keeping up to date with the latest trends and approaches that can be applied using AI/ML and other techniques.
Financial Crime Deterrence and Governance
The FCA were concerned that the reporting and audit trail for financial crime deterrence did not make it to the Board in such a way that it was included within decision making. They are looking for a specific officer ideally on the Board to take responsibility for these issues.
Lack of Adequate Training
In practice, too often the training for financial crime deterrence has become little more than a “tick the box” exercise. These courses are worthy, often being conducted by the in house subject matter expert (SME). The FCA state that training has missed crucial topics and was not sufficiently role specific. Unless training is developed that has direct relevant to the recipient, it becomes a pointless exercise. The staff fail to appreciate why the training I relevant to them. It is not about repeating rules and regulations – rather it is about understanding the relevance of the training to the work that an individual is actually undertaking.
Training can become a powerful catalyst to change the mindset of staff to ensure that they consider financial crime deterrence in all the work that they conduct. It needs to be practical and have sufficient time applied to it to enable the issues that are likely to be faced in practice to be developed.
How can Risk Reward Limited Help you?
1. Gap Analysis
Risk Reward Limited has more than 20 years of relevant experience working with firms in the financial crime space. Our consultants can effectively and efficiently review your framework, policies, procedures, reporting and outcomes to ensure that it meets the expectations of the FCA for firms with your size and complexity.
Using an external consultant to develop a gap analysis can be cost effective and enables knowledge of market practices to be bought into the analysis. A well planned assignment can be cheaper than you expect since all of our consultants are seasoned professionals with in depth knowledge of this field.
2. Financial Crime Deterrence Training
The need is to have training developed that is truly fit for purpose, being relevant to the needs of the audience. We have been developing and delivering tailored training on financial crime deterrence for almost 25 years.
Our training is case study driven enabling he delegates to consider the issues that they are likely to be facing, recognising that there is often incomplete information available. Risk Reward includes your firm’s policies and procedures within what are your training materials and has a cost efficient solution to the development of an effective and practical course.
We conduct training both face-to-face and virtually, at all levels of an organisation enabling your management team to achieve the confidence that they need as to a successful outcome. Out trainers are experts in their field and seasoned professionals able to deal with matters that arise in practice in a practical and helpful way. Training does not finish at the end of the event either. We offer the delegated the ability to provide additional questions for 3 months after an event at no additional cost,
3. Board Positions
It may be that none of your existing executive officers wish to undertake the role as responsible officer for financial crime deterrence. Risk Reward can offer non-executive directors with in depth knowledge of this area to supplement your existing team at our normal daily rate.
Do contact Risk Reward Limited to see how we can help you navigate the regulatory landscape and ensure that your firm is adequately protected against Financial Crime Deterrence
Dennis Cox
CEO, Risk Reward Limited
A Knowledge as a Service company
