Common mistakes in financial crime frameworks
Since returning from maternity leave, I’ve got stuck into a fair few projects and following on from my last blog on the importance of being prepared for the FCA, I wanted to highlight three recurring mistakes I see firms making. I hope by doing so, you can assess your own controls and not get caught by the same pitfalls.
1. There is a lack of cohesion around key documents within the financial crime framework
There are core components which any firm (irrespective of size and shape) need to apply in a meaningful way to be able to demonstrate a robust financial crime framework. Whilst the focus tends to be on systems, whether that be screening or monitoring based, documents are fundamental but too often overlooked. Some of the key ones include:
a thorough Business-Wide Risk Assessment (BWRA);
an informative Risk Appetite Statement (RAS);
a comprehensive Customer Risk Assessment (CRA);
clearly articulated operating framework;
a proportionate Compliance Monitoring Plan (CMP); and
a useful MLRO report.
We often assess these as being too high level (in terms of both qualitative and quantitative considerations), not linked to each other (these documents should inform one other) and what I think is the most pertinent - lacking in terms of output and outcomes. There should always be a result, an action, a ‘so what’. For example, a clear mitigation action plan arising from the BWRA’s residual risks or internal escalations and re-assessment of appetite following certain thresholds hit in the RAS.
2. Firms identify areas for improvement, but the pace of change is too slow
Firms often do the ‘hard bit’ by working out what systems and / or controls need to be enhanced and what uplifts need to happen to fix these. Staff generally have a really good idea of what isn’t working, and why. But then so often firms fail to follow through with change in a reasonable timeframe. Whilst I understand what’s ‘reasonable’ can be very subjective, firms know when they’re dragging their feet. This calls into question how effective the governance and culture is within the organisation – here are some questions which come to mind:
Do key individuals like the Head of Compliance / MLRO, have insufficient exposure to senior management to champion internal uplifts?
Is there a single view of the financial crime in-flight and desired change portfolio?
How is funding and investment being given to key FC control enhancements? Are these considered a sufficiently high priority – does this indicate a poor culture?
Have senior management not received sufficient training and therefore don’t understand how important these enhancements are to mitigate the FC risk to which their firm is exposed?
Has there been key staff turnover with insufficient handovers so these uplifts are getting lost?
It’s also worth remembering, the FCA doesn’t take kindly to the pace of change being slow (particularly if the issues were identified by them in the first place). We often see this given as one of the reasons for the more serious regulatory tools (such as s166s, restrictions of business or enforcement action) being triggered.
3. Firms are unable to explain why rules, thresholds and fuzzy logic percentages are appropriate to them
This is something we see time and time again, especially when controls have been outsourced or key people who help set up systems, have left. Here I’m thinking about the:
transaction monitoring rules and thresholds;
fuzzy logic percentages being applied to PEP and sanctions screening;
search string rules being used for adverse media screening;
RAG rating thresholds used within the RAS…
and many more!
Being able to articulate what the parameters are and why these are appropriate is essential to a FC framework which is tailored to your business, your customers and ultimately the identification of your risk.
If any of these seem familiar, just remember you are not alone. We’d be happy to help you fix any issues you may have and much like going to the doctors...we’ve seen it all before!
Looking forward to my next blog
In this I’ll be covering what the FC priorities are for the FCA and what practical steps you can take to get ahead of the game!
Holly