Challenger Banks – market growth not matched by FCC growth

The FCA has published a review focusing on the effectiveness of financial crime controls at a number of challenger banks. The overriding feeling is that customer acquisition has significantly outpaced the efficacy of firms’ financial crime control frameworks. The paper is critical of a number of fundamental financial crime controls with the narrative not dissimilar to criticism felt by the more ‘traditional’ banks. CDD, EDD, customer risk assessment and quality of SARs all need improvement. Rather than go over these topics again, we’ve pulled out what we found most interesting from the paper:

Practical expectations regarding change programmes

There is nothing ground-breaking in what the FCA says it expects regarding change programmes, but it is positive to see this in black and white. The FCA expects:

  • Clear project plans for control enhancements outlining:

    • Key milestones

    • Accountable executives

    • Delivery dates

In addition to the accountable executive, the FCA expects the Risk Committee, the Audit Committee and the CEO to be involved in overseeing material developments to the programmes, helping ensure that appropriate governance and challenge takes place. We have seen large scale change programmes falter and / or be significantly delayed due to a combination of the above controls not being in place. Getting the governance around change programmes right is pivotal to their success.

The rules (and regs) are the rules

The paper contains examples of firms not meeting certain requirements – for example one firm not doing customer risk assessment, and a number of firms not fulfilling a number CDD / EDD requirements.

Having worked with a number of challenger institutions their views on disrupting the sector do not stop at customer experience – they often extend to financial crime compliance. One argument I have heard is that their sophisticated TM will point the firm to where the real risks lie and to where they should be focusing their FCC efforts. And therefore, their front-end controls are not hugely important (this may or may not help with speed of onboarding!). There is likely some merit in this argument – however what is clear is that this approach is not acceptable. The review highlights challenger banks exiting a large number of customers that they should never have taken on in the first place. So, although rules and regulations may not have been designed specifically for this group – they have to comply with them.

Detail on TM alert management

The review identifies ineffective TM alert management, citing inconsistent and inadequate rationale for discounting alerts, poor investigatory notes and a lack of holistic reviews of alerts. The FCA expects firms to have adequate resources in place to holistically consider customers’ activity as part of the TM review process. This should include:

  • Reviewing what the firm knows about the customer:

    • Previous alerts

    • Income

    • Nature and purpose of account

    • Payment references

DAML breaches

The paper highlights a number of firms that have not complied with their legal obligation to not pay away funds post seeking a DAML. Ensuring controls are joined up is crucial to getting this right. Our view is that a targeted focus of this element of POCA should feature in third line financial crime audits.

PRIN 11

The FCA pointed to a number of instances where “significant financial crime control failures” were not reported to the FCA under principle 11. For example, in one firm Internal Audit identified areas that were not fully compliant with the MLRs however the bank did not tell the FCA. This should serve as a reminder to all firms to keep the FCA in the loop regarding significant failings. It is much better to advise the FCA of the problem along with your plan to fix it, rather than the FCA discovering the issue themselves.

What firms should do next

The FCA makes it clear that in terms of who should be reading this review – “we are targeting this review at Money Laundering Reporting Officers and industry practitioners working in financial crime roles”. We read that as anyone in a second line financial crime role across industry. So, although the specific call for action is aimed at Challenger Banks – all firms would benefit following some or all of these next steps:

  1. Do a gap analysis of the findings of the review against your current financial crime framework.

  2. If you haven’t done the same re the Dear CEO letter to retail banks – you should.

  3. Review your CRA and EDD measures are effective in light of the heightened risk of sanctions evasion.

  4. Ensure your BWRA appropriately takes into account the National Risk Assessment.

  5. Be prepared to give an update of your financial crime framework against a backdrop of changing financial crime risks.

The final point is interesting and is the FCA telling firms that they expect them to be on the front foot to address the changing landscape. Questions from the FCA such as “What steps have you taken in 2022 to address changing financial crime risks” should be expected.

Previous
Previous

Avyse Partners appoint Emma Croft as Senior Consultant

Next
Next

Kleptocracy, SARs and Sanctions – Practical Takeaways